|
Volume 23 — Issue 46 | November 16, 2023 |
|
|
An unfamiliar, burning building filled with dark, dense smoke is an extremely hazardous environment for firefighters. Firefighters can become disoriented or trapped in this environment, when every second counts.
Responders use thermal imagers to assess the scene and to aid their situational awareness in low-visibility indoor environments. While thermal imaging cameras are indispensable for locating other responders, raw thermal images are not necessarily the best tool to help firefighters navigate around the walls, doors, and other objects in an unfamiliar indoor environment so they can exit quickly to safety.
The Department of Homeland Security (DHS), Science and Technology Directorate (S&T) conducted a field test of a new technology called C-THRU earlier this year. This technology is a real-time, indoor visualization system that enhances firefighters’ situational awareness in low visibility environments.
The C-THRU system consists of two components: the Navigator (worn on the helmet) and the Visual Command (a tablet used by incident commanders to see what their crew members are seeing). C-THRU works as an augmented reality tool that uses raw, thermal images within the firefighter’s visual frame to create a visual overlay of the edges of all objects within the field of view. This capability is referred to as edge detection.
The developer of this prototype, San Francisco-based Quake Technologies, Inc., is currently developing an additional backtracking function that provides turn-by-turn guidance, allowing a responder to follow the path they took into the building back out to safety. The C-THRU system also has many communications features built in, such as the ability to communicate status to the incident commander.
DHS S&T leveraged its First Responder Resource Group (FRRG) for input that helped to refine the interface for the technology. The FRRG helped DHS S&T design an interface with ergonomic, well-placed buttons that can accommodate firefighters’ large gloves and can be operated using tactile feedback, without having to see the interface.
In August 2023, fire departments from California, Chicago, and New York participated in an operational field assessment of this technology at the San Diego Fire-Rescue Training Facility in California. S&T’s National Urban Security Technology Laboratory (NUSTL) oversaw the event, designing three different scenarios that subjected this technology to the punishing realities of firefighting.
NUSTL is currently developing an Operational Field Assessment report on C-THRU, which will incorporate the feedback from responders during the August field assessment. The feedback will be used to further refine the product for successful commercialization in 2024.
To learn more about this technology and hear directly from responders who evaluated it, see DHS S&T’s Nov. 6 feature article, which includes a short video featuring responder testimony. You can also check out the C-THRU Real-Time Indoor Visualization System Fact Sheet and DHS S&T’s Technologically Speaking Podcast, Minisode 15: Almost Like You’re Watching a Video Game, which features interviews with responders during the August field assessment.
(Source: DHS S&T)
|
|
|
Since the publication of the third version of the National Incident Management System (NIMS) in 2017, the Federal Emergency Management Agency (FEMA) has received stakeholder feedback indicating that some organizations may be facing challenges with implementing the resource management component of NIMS, particularly the typing, inventorying, and tracking of response assets.
On Oct. 3, FEMA’s National Integration Center released the 2023 NIMS Resource Management Survey. The survey offers jurisdictions an opportunity to recommend enhancements for NIMS programming. This includes the National Qualification System (NQS), resource typing, mutual aid, emergency operations center (EOC) skillsets and tools, and more.
The survey is hosted on FEMA’s Preparedness Toolkit website, which is also where FEMA’s NIMS doctrine, guidance, and tools are housed. In the first page of the survey, FEMA lists its tools and guidance documents that specifically support the resource management component of NIMS. To access and review this suite of guidance and tools, see the links provided in the survey, or visit the Resource Management section of the Preparedness Toolkit website.
The survey will remain open until FEMA collects 1000 responses. To participate, please visit https://preptoolkit.fema.gov/web/nims-toolkit/nims-survey.
Questions can be directed to the NIMS Inbox at FEMA-NIMS@fema.dhs.gov. If you previously completed the survey in response to an earlier request for feedback, please contact the NIMS Inbox to ensure your submission has been captured.
(Source: FEMA)
In the wake of the COVID-19 pandemic, a tightening labor market, heightened community frustration with the policing profession, and concerns about officer safety and well-being, law enforcement agencies across the country face an historic crisis in recruiting and retaining qualified candidates.
On Oct. 17, the Department of Justice (DOJ) announced the release of a new publication, Recruitment and Retention for the Modern Law Enforcement Agency. The report presents recommendations to address the serious challenges in recruitment and retention law enforcement agencies are facing nationwide.
The recommendations in this publication are the work of a group convened on April 18, 2023, in Washington, D.C., at the request of the U.S. Attorney General. The group consisted of more than 35 law enforcement and community leaders from across the country.
The April meeting was facilitated by the DOJ’s Office of Community Oriented Policing Services (COPS Office) and the Office of Justice Programs’ Bureau of Justice Assistance (BJA). The COPS Office and BJA then incorporated the meeting outcomes into this report.
Some of the report’s recommendations include reconsidering officer eligibility requirements to better reflect modern police work; modernizing and accelerating the hiring process; investing in officer health, safety, and wellbeing; and working with community leaders to target recruitment efforts toward diverse candidates and potential recruits who might otherwise not consider law enforcement as a career.
The report is available within the COPS Office Resource Center.
(Source: DOJ)
Chemical incidents create many distinct and unique challenges for communities due to the nature of the agents involved, public health issues and economic consequences.
FEMA has just launched a new distance learning course, AWR-947-W: Key Planning Factors and Considerations for Response to and Recovery from a Chemical Incident (Chem KPF course), offered through the Center for Domestic Preparedness (CDP).
The Chem KPF course is based on FEMA’s guidance document, Key Planning Factors and Considerations for Response to and Recovery from a Chemical Incident (Chem KPF), published in June 2022 by FEMA’s Chemical, Biological, Radiological and Nuclear (CBRN) Office. FEMA’s CBRN Office was renamed earlier this year and is now called the Office of Emerging Threats.
The goal of the Chem KPF course is to provide education, awareness, and guidance to support the development of effective federal, state, local, tribal, territorial (FSLTT) and regional chemical incident plans.
The course is targeted to regional and state, local, tribal, and territorial (SLTT) emergency managers and planners or other stakeholders who may be involved in chemical incident planning, response, and recovery. These stakeholders may include first responders and receivers, fire departments, law enforcement, private sector partners (e.g., chemical industry partners, hazardous materials specialists, hazardous waste management specialists), public health officials, hospitals, mental health providers, employees of non-governmental organizations (NGOs), and college-level and advance degree students.
This course can be completed independently online at the participant’s own pace and is estimated to take about 2.5 hours to complete. Learn more and apply for the course on CDP’s website.
(Sources: FEMA, CDP)
|
|
CISA, FBI, and MS-ISAC release advisory on Rhysida ransomware
On Nov. 15, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Rhysida Ransomware, to disseminate known Rhysida ransomware indicators of compromise (IOCs), detection methods, and tactics, techniques, and procedures (TTPs) identified through investigations as recently as September 2023.
Observed as a ransomware-as-a-service (RaaS) model, Rhysida actors have compromised organizations in education, manufacturing, information technology, and government sectors and any ransom paid is split between the group and affiliates. Rhysida actors leverage external-facing remote services, such as virtual private networks (VPNs), Zerologon vulnerability (CVE-2020-1472), and phishing campaigns to gain initial access and persistence within a network.
(Source: CISA)
CISA releases update to Royal ransomware advisory
On Nov. 13, the FBI and CISA released an update to joint Cybersecurity Advisory (CSA) #StopRansomware: Royal Ransomware. The updated advisory provides network defenders with additional information on tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Royal ransomware variants. FBI investigations identified these TTPs and IOCs as recently as June 2023.
Royal ransomware attacks have spread across numerous critical infrastructure sectors including, but not limited to, manufacturing, communications, healthcare and public healthcare (HPH), and education.
(Source: CISA)
|
|
Intel fixes high-severity CPU bug that causes “very strange behavior”
On Tuesday, Nov. 14, Intel pushed microcode updates to fix a high-severity CPU bug that has the potential to be maliciously exploited against cloud-based hosts.
The flaw, affecting virtually all modern Intel CPUs, causes them to “enter a glitch state where the normal rules don’t apply,” Tavis Ormandy, one of several security researchers inside Google who discovered the bug, reported. Once triggered, the glitch state results in unexpected and potentially serious behavior, most notably system crashes that occur even when untrusted code is executed within a guest account of a virtual machine, which, under most cloud security models, is assumed to be safe from such faults. Escalation of privileges is also a possibility.
The bug, tracked under the common name Reptar and the designation CVE-2023-23583, is related to how affected CPUs manage prefixes, which change the behavior of instructions sent by running software.
(Source: Ars Technica)
Maine govt notifies 1.3 million people of MOVEit data breach
The State of Maine has announced that its systems were breached after threat actors exploited a vulnerability in the MOVEit file transfer tool and accessed personal information of about 1.3 million, which is close to the state's entire population.
MOVEit attacks were part of a massive data theft campaign from the Clop ransomware gang who, on May 27, started to exploit a zero-day vulnerability in the software product.
Various Maine state agencies were among the thousands of organizations worldwide using the Progress Software data transfer product. The most impacted agency was Maine’s Department of Health and Human Services, followed by the Maine Department of Education.
(Source: Bleeping Computer)
Local city still working to restore services after ransomware attack
Huber Heights, a city in Montgomery County, Ohio, keeps working to restore many of its services after a ransomware attack.
The Huber Heights City Manager said at this time they are slowly getting city services back up and running. “Today, we’re actually able to say that the police department can now issue accident reports and incident reports to the public as they request them,” the City Manager said.
The city immediately brought in a cybersecurity firm to begin the investigation. “Essentially, Huber Heights is reacting to the fact that their entire organizational network is down, but they still need to conduct business,” a member of the investigating cybersecurity firm said. City officials have received new devices from Verizon to use in the meantime.
(Source: WHIO-TV)
Tri-City says no ‘firm timetable for full restoration’ after cyberattack; layoff notices sent
Tri-City Medical Center, located in north San Diego County, California, appears to be recovering from a recent cyberattack but remains mum on news of an apparent 100-employee layoff that has occurred since the digital breach occurred Thursday, Nov. 9. In a short statement, hospital management said that the Oceanside facility is “making significant progress in the restoration of systems, though we do not yet have a firm timetable for full restoration.”
The attack on Tri-City appeared to be ransomware, according to an employee. “Apparently, Thursday, a note printed out of every printer at the same time and then everyone was running around shutting off printers,” the employee said.
As was the case with an attack against Scripps Health in 2021, the employee said that Tri-City has been forced to revert to paper medical charts while its computers are offline.
(Source: The San Diego Union-Tribune)
|
|
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. |
|
|
Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.
Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.
|
|
|
|
|
