EMR-ISAC InfoGram April 4 – Fire is fast – and getting faster: Recent product recalls and the need to educate consumers about fire risks; Updated NIMS Guideline for Mutual Aid

EMR-ISAC sent this bulletin at 04/05/2024 10:08 AM EDT

The Info Gram - Emergency Management and Response - Information Sharing and Analysis Center (EMR-ISAC)

Volume 24 — Issue 14 | April 4, 2024

Fire is fast – and getting faster: Recent product recalls and the need to educate consumers about fire risks

In recent testimony to the U.S. House of Representatives, the U.S. Fire Administration (USFA), Fire Safety Research Institute (FSRI), International Association of Fire Chiefs (IAFC), and the New York City Fire Department (FDNY) discussed how fast fire can progress within a typical modern structure and how little time there is to escape.

Today’s structure fires can go from a small flame to flashover in just 3 to 5 minutes, partly due to the synthetic materials used in modern furnishings and interior finishes. Additionally, lithium-ion batteries are becoming increasingly common household items used in consumer electronics, power tools, micromobility devices, and electric vehicles. When these batteries burn, the time from the first sign of smoke until thermal runaway and explosion can be as little as 15 seconds.

Public awareness of common fire risks is critical to saving lives and drastically reducing property loss.

The Consumer Product Safety Commission (CPSC) issues voluntary and mandatory standards that consumer products must meet to be considered safe. CPSC also directly informs and educates consumers about safety risks from products already on the market. The fire service can help by reporting unsafe products to the CPSC and by sharing CPSC’s fire safety messages with their community.

Just last month, the CPSC released several alerts about consumer products posing fire hazards:

Insignia air fryers and air fryer ovens. Best Buy has recalled more than 187,400 of its Insignia air fryers due to overheating, which could lead to fire, burn, or laceration hazards as components of the fryers may melt, break, or shatter under heat.
Honeywell System Sensor L-series low frequency fire alarms and strobes The sounders and strobes can malfunction and cause the fire alarm system to fail to alert consumers of a fire. Honeywell is recalling about 29,000 units.
Elide fire extinguishing balls. CPSC is warning consumers about the risk of burns and smoke inhalation associated with the use of Elide brand fire extinguishing balls. These products can fail to extinguish a fire, which could lead to serious injury and death.
EVERCROSS EV5 Hoverboards. CPSC has received one report of a fire, resulting in substantial property damage to a residential building in New York City in May 2023. The company has not agreed to recall these hoverboards or offer a remedy to consumers. CPSC urges consumers to immediately remove the lithium-ion battery packs from the hoverboards and dispose of them following local hazardous waste disposal procedures.

Fire and public safety departments, especially code officials and anyone involved in fire prevention education, should share this information with their community through all means available. Follow CPSC’s social media feeds or sign up to receive email notifications for future product recalls and alerts. Unsafe products can be reported to the CPSC at SaferProducts.gov.

(Sources: CPSC, U.S. House of Representatives, Committee on Homeland Security)

Highlights

Fire is fast – and getting faster: Recent product recalls and the need to educate consumers about fire risks

FEMA releases updated National Incident Management System Guideline for Mutual Aid

Funding available for law enforcement mental health and wellness

Webinar: Building Resilience - The Power of Multifactor Authentication in Public Safety Communications

Cyber Threats

The U.S. Fire Administration operates the Emergency Management and Response – Information Sharing and Analysis Center (EMR-ISAC).

For information regarding the EMR-ISAC visit www.usfa.dhs.gov/emr-isac or contact the EMR-ISAC office at: (301) 447-1325 and/or fema-emr-isac@fema.dhs.gov.

FEMA releases updated National Incident Management System Guideline for Mutual Aid

Mutual aid agreements establish the terms under which one party provides resources — personnel, teams, facilities, equipment and supplies — to another party. These agreements can support all mission areas; they can be established before, during or after incidents; and they can be between all levels of government, nongovernmental organizations and the private sector. Mutual aid does not include direct federal assistance.

The Federal Emergency Management Agency (FEMA) just released an updated guidance document, National Incident Management System for Mutual Aid (Guideline). The Guideline supports the Resource Management component of the National Incident Management System (NIMS) by providing guidance on different types of mutual aid agreements, the key elements of a mutual aid agreement and the key elements of mutual aid operational plans used for implementation.

Since the Guideline was last updated in 2017, it has been expanded to incorporate national stakeholders’ new best practices, strategies, and resources for mutual aid agreements, including:

Impacts and lessons learned from the COVID-19 pandemic on mutual aid operations.
Acknowledgement of legal liabilities for parties in a mutual aid agreement.
Additional special considerations for underserved communities.
Additional emphasis on the importance of a common operating picture.
Guidance for virtual mutual aid delivery in order to provide support in alignment with FEMA lifelines.

The Guideline is available on FEMA’s NIMS Components - Guidance and Tools page.

(Source: FEMA)

Funding available for law enforcement mental health and wellness

The Department of Justice’s (DOJ’s) Office of Community Oriented Policing has announced the availability of $9.8 million in funding for its fiscal year (FY) 2024 Law Enforcement Mental Health and Wellness Act program.

LEMHWA is a competitive grant program that provides funding to improve the delivery of and access to mental health and wellness services for law enforcement.

This FY 2024 funding opportunity will support LEMHWA Implementation Projects. These projects aim to develop knowledge, increase awareness of effective mental health and wellness strategies, increase the skills and abilities of law enforcement, and increase the number of law enforcement agencies and relevant stakeholders using peer support, training, family resources, suicide prevention, and other promising practices for wellness programs.

Proposed projects may serve one agency, a consortium of agencies, or personnel from agencies located within a county or state. All local, state, territorial, and tribal law enforcement agencies that have primary law enforcement authority are eligible to apply.

Each award is two years (24 months) in duration for a maximum of $200,000 per award. There is no local match. Applications are due by Tuesday, April 30, 2024.

Visit cops.usdoj.gov/lemhwa to learn more and apply.

(Source: DOJ)

Webinar: Building Resilience - The Power of Multifactor Authentication in Public Safety Communications

In honor of its third annual National Emergency Communications Month in April, the Cybersecurity and Infrastructure Security Agency (CISA) is hosting a webinar on Wednesday, April 24, at 1 p.m. EDT, Building Resilience: The Power of Multifactor Authentication in Public Safety Communications.

As the emergency communications ecosystem continues to evolve technologically, public safety organizations must take proactive measures to mitigate cybersecurity incidents. By implementing strong authentication methods, such as multifactor authentication (MFA), public safety organizations can protect their communications infrastructure and improve their overall cyber resiliency against malicious hackers.

According to the SAFECOM Nationwide Survey (SNS), 75% of the nation’s local public safety organizations have indicated their organization has been the victim of a cyberattack, yet more than 40% indicated they do not conduct cybersecurity planning or implement any cybersecurity procedures. Only 38% have implemented MFA within their agency to safeguard against common methods of cyberattack such as credential attacks and unauthorized systems access.

This webinar will share best practices for protecting emergency communications systems against cyber threats. Participants will also explore how SNS data informs nationwide efforts outlined in the National Emergency Communications Plan (NECP).

This webinar is part of CISA’s National Emergency Communications Plan (NECP) webinar series. Visit CISA’s website to learn more and register for this webinar.

(Source: CISA)

Cyber Incident Assistance

MS-ISAC
SOC@cisecurity.org
1-866-787-4722

IdentityTheft.gov

IC3

Cybercrime Support Network

General Information

StopRansomware.gov

CISA's Known Exploited Vulnerabilities Catalog

FTC scam list

CISA alerts

Law Enforcement Cyber Center

TLP Information

Cyber Safety Review Board releases report on Microsoft Online Exchange incident from Summer 2023

On April 2, the U.S. Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) findings and recommendations following its independent review of the Summer 2023 Microsoft Exchange Online intrusion. The review detailed operational and strategic decisions that led to the intrusion and recommended specific practices for industry and government to implement to ensure an intrusion of this magnitude does not happen again. Secretary of Homeland Security Alejandro N. Mayorkas received the CSRB report from the Board and delivered it to President Biden. This is the third review completed by the CSRB since the Board was announced in February 2022.

The CSRB’s review found that the intrusion by Storm-0558, a hacking group assessed to be affiliated with the People’s Republic of China, was preventable.

The CSRB recommends specific actions to all cloud service providers and government partners to improve security and build resilience against the types of attacks conducted by Storm-0558 and associated groups. To read the full report, visit the Report on the Microsoft Online Exchange Incident from Summer 2023.

(Source: DHS)

NIST releases Incident Response Recommendations and Considerations for Cybersecurity Risk Management for public comment

Incident response is a critical part of cybersecurity risk management and should be integrated across organizational operations. The six Functions of the NIST Cybersecurity Framework (CSF) 2.0 all play vital roles in incident response.

The National Institute of Standards and Technology (NIST) is releasing the initial public draft of Special Publication (SP) 800-61r3 (Revision 3), Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile, for public comment. This publication seeks to assist organizations with incorporating cybersecurity incident response recommendations and considerations throughout their cybersecurity risk management activities, as described by CSF 2.0. Doing so can help organizations prepare for incident responses, reduce the number and impact of incidents that occur, and improve the efficiency and effectiveness of their incident detection, response, and recovery activities.

The public comment period is open through Monday, May 20, 2024. See the publication details for a copy of the draft and instructions for submitting comments.

(Source: NIST)

Scammers take advantage of Change cyberattack

Scammers are taking advantage of the Change Healthcare cyberattack to steal credit card information, according to the Minnesota Hospital Association and Minnesota Attorney General Keith Ellison.

State hospital associations have received reports from patients who have been targeted by scammers seeking to steal their credit card information, Ellison said. People claiming to be representatives from various healthcare providers are telling patients they will receive refunds if they provide their credit card number, said the notice from the Minnesota AG's office.

Patients should be aware of reports of scammers contacting people around the country, posing as hospital, clinic or pharmacy employees, and asking for credit card information to resolve issues from the Change Healthcare cyberattack, according to the Minnesota Hospital Association.

(Source: Healthcare Finance)

UnitedHealth admits patient data was 'taken' in mega attack

UnitedHealth Group has publicly acknowledged that data was "taken" in the cyberattack on its Change Healthcare unit and said it has started analyzing the types of sensitive personal, financial and health information potentially compromised.

Meanwhile, the U.S. Department of State is offering a reward of up to $10 million for information leading to the identification or location of leadership of ransomware-as-a-service group BlackCat/Alphv, which claimed to be behind the attack.

The State Department announced the bounty offer Feb. 15, about a week prior to the Change Healthcare attack, which UnitedHealth Group said occurred on Feb. 21.

UnitedHealth Group in its latest attack update on Wednesday said it is "prioritizing" the review of affected data the company believes would likely have contained health information, personal identifiable information, claims and eligibility or financial information.

(Source: Healthcare Info Security)

White House unveils AI governance policy focused on risks, transparency

The White House released its much-anticipated artificial intelligence governance policy Thursday, March 28, establishing a roadmap for federal agencies’ management and usage of the budding technology.

The 34-page memo from Office of Management and Budget Director Shalanda D. Young corresponds with President Joe Biden’s October AI executive order, providing more detailed guardrails and next steps for agencies. It finalizes a draft of the policy that was released for public comment in November.

(Source: Fedscoop)

Cyberattack on city of Pensacola was a ransomware attack, mayor confirms. What happens now

Pensacola Mayor D.C. Reeves confirmed that the cyberattack that shut down city networks and phone systems is a “ransomware incident.” Reeves was unable to say more about the incident because it’s part of an ongoing investigation into who is behind it.

The attack that happened nearly two weeks ago is like another ransomware cyberattack that hit Pensacola in 2019. Hackers infiltrated the city's computer networks, locked down the systems, stole city data, and demanded a ransom for its return.

During his weekly press conference, Thursday, Reeves said those precautions and protocols put in place after the 2019 ransomware cyberattack are paying off as the city deals with this latest attack. The city has been following the emergency plan developed in the wake of that incident and the mayor says it has helped them respond more efficiently and effectively.

The mayor added he doesn’t know how long it will take to wrap up the investigation into the ransomware cyberattack. Multiple agencies are involved, but he said Pensacola Police Department is running the investigation.

(Source: Pensacola News Journal)

The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.

Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.

Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.

Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.

Update your subscriptions, modify your password or e-mail address, or stop subscriptions at any time on your Subscriber Preferences Page. You will need to use your e-mail address to log in. If you have questions or problems with the subscription service, please contact subscriberhelp.govdelivery.com.

Privacy Policy | GovDelivery is providing this information on behalf of U.S. Department of Homeland Security, and may not use the information for any other purposes.