|
Volume 24 — Issue 20 | May 16, 2024 |
|
|
May is Mental Health Awareness Month. Public safety workers are at a high risk of occupational exposure to traumatic events and stress which can lead to mental health issues. Effective mental health programs are critical for addressing the unique challenges these workers face.
Last week, a NIOSH Science Blog discussed the unique mental health challenges for the public safety sector and how these are being addressed by workplace mental health programs. This blog captures the outcomes of a meeting held in February 2024 by the National Occupational Safety and Health Administration’s (NIOSH’s) National Occupational Research Agenda (NORA) Public Safety Sector Council. The meeting included representatives across the public safety sector.
The blog discusses the types of workplace mental health programs currently being implemented for each of five major subdisciplines in public safety: the fire service, emergency medical services (EMS), law enforcement, wildland firefighters, and corrections workers.
The blog also summarizes efforts to evaluate the effectiveness of existing mental health programs in the public safety sector and the reasons why effective evaluation can be challenging. The meeting participants acknowledged a need for more experimental, controlled studies evaluating the effectiveness of mental health programs for public safety workers.
NIOSH invites the public safety community to engage in this important discussion with several questions:
- Does your organization have programs to support your mental health and well-being?
- Do you feel these programs are effective?
- In your opinion, how do you feel these programs could be improved to support employees in your workplace?
Read the full May 9 NIOSH Science Blog to learn more. Please consider sharing your organization’s efforts related to workplace mental health with NIOSH and the larger public safety community by posting answers to the above questions using the form at the end of the blog.
(Source: NIOSH)
|
|
|
The Federal Emergency Management Agency (FEMA) and the Department of Homeland Security’s (DHS’s) Center for Faith-Based and Neighborhood Partnerships are seeking feedback on the draft, Engaging Faith-Based and Community Organizations: Planning Considerations for Emergency Managers.
This document, an update to the original version released in 2018, outlines best practices for engaging faith-based and community organizations before, during, and after disasters to help jurisdictions improve their resilience and emergency management capabilities. Once engaged, these organizations become significant force multipliers, particularly in reaching high-risk and historically underserved community members. Lessons learned from real-world events and updates to FEMA programs since 2018 have resulted in additional considerations and resources for faith-based and community organizations.
A line-numbered version of the draft guide is provided to help identify specific areas or topics for potential update. The feedback form can be used to capture any recommendations. Email feedback or questions to NPD-Planning@fema.dhs.gov. The feedback period will conclude at close of business on June 21, 2024.
FEMA is hosting several 60-minute webinar sessions to provide an overview of the draft document and facilitate discussion with participants to gather feedback on additional ways to improve the guide.
To learn more about the update effort and listening sessions, please visit the FEMA website at https://www.fema.gov/emergency-managers/national-preparedness/plan
(Source: FEMA)
On April 30, the White House proclaimed the month of May as National Building Safety Month. The President recognized the vital efforts of building professionals, who make the nation’s buildings stronger, more sustainable, and more resilient. The proclamation also highlighted the launch of the National Initiative to Advance Building Codes in 2022 and the ongoing efforts FEMA to help communities devastated by floods, fires, tornadoes, and hurricanes to rebuild more safely by incentivizing the adoption of modern building codes.
The International Code Council (ICC) is leading its 44th annual Building Safety Month campaign this year. The campaign raises awareness about building safety and reinforces the need for the adoption of modern, regularly updated building codes. It also helps individuals, families and businesses understand what it takes to create safe and sustainable structures.
The theme for 2024 is “Mission Possible,” because building safety is a collective mission achievable through collaborative efforts. The ICC has organized the campaign around specific themes for each week of the month. Short videos and shareable social media materials for each week are posted on the ICC’s campaign website. FEMA is participating in the campaign and has released video shorts that amplify the weekly themes:
In week 1, FEMA featured several resources for public safety officials, homeowners and occupants, and children on the basics of building codes. These included FEMA’s latest national statistics on building code adoption. FEMA released its 2024 Building Code Adoption Tracking (BCAT) Fact Sheets in February. Each Fact Sheet provides the latest statistics on the percentage of communities who have adopted hazard-resistant building codes for each state in that region. Additionally, FEMA has released several educational videos for officials involved in adopting and enforcing building codes that serve as a companion to the Building Codes Adoption Playbook.
In week 2, the ICC highlighted several resources for communities to prepare a building safety plan to keep themselves and their loved ones safe and to limit damages to buildings from natural hazards. FEMA highlighted many of its resources for making a plan ahead of a disaster, including the FEMA App, how to get emergency alerts, and the complete set of Hazard Information Sheets available on Ready.gov.
Sign up for FEMA’s Building Science newsletter to receive updates highlighting FEMA’s Building Safety Month resources for Weeks 3, 4, and 5, and other news from FEMA Building Science throughout the year.
Visit the ICC’s Building Safety Month website and FEMA’s Building Science website for many more resources to share within your communities this month and year-round. Use hashtag #BuildingSafetyMonth2024 to share on social media.
(Sources: ICC, FEMA)
The State and Local Anti-Terrorism Training (SLATT) Program, funded by the Bureau of Justice Assistance (BJA), is hosting two webinars for law enforcement officers in June on how to build a threat assessment threat management team (TATM) as a means of preventing or mitigating the risk of targeted violence. Each webinar will cover the same information.
-
Webinar 1 - Tuesday, June 11, 2024, at 1 p.m. EDT.
-
Webinar 2 – Wednesday, June 26, 2024, at 1 p.m. EDT.
The webinars will be delivered by subject-matter experts leading TATM prevention efforts within their law enforcement organizations. The webinars build on the concept of TATMs as an evolving solution to targeted violence. Utilizing case studies, the presentation details how to build scalable TATMs, while also addressing the challenges and lessons learned from both a law enforcement and clinical perspective.
While the above training opportunities are targeted specifically to law enforcement, TATM is a multidisciplinary model. The Joint Counterterrorism Assessment Team (JCAT) is a fellowship program providing opportunities for first responders and public safety professionals from around the country to work side-by-side with federal intelligence analysts from the National Counterterrorism Center (NCTC). JCAT has developed several First Responder’s Toolboxes on TATM for the broader public safety community:
(Sources: BJA, SLATT, NCTC)
|
|
ASD’s ACSC, CISA, and partners release Secure by Design Guidance on Choosing Secure and Verifiable Technologies
On May 9, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), together with the Cybersecurity and Infrastructure Security Agency (CISA), the Canadian Centre for Cyber Security (CCCS), the United Kingdom’s National Cyber Security Centre (NCSC-UK), and the New Zealand National Cyber Security Centre (NCSC-NZ) are releasing the following guidance: Secure by Design Choosing Secure and Verifiable Technologies. This guidance was crafted to provide organizations with secure by design considerations when procuring digital products and services.
The guidance contains a range of internal and external considerations and offers sample questions to leverage at each stage of the procurement process. Additionally, the guidance informs manufacturers on steps they should be taking to align their development processes to secure by design principles and practices.
(Source: CISA)
CISA and partners release advisory on Black Basta ransomware
On May 10, CISA, in partnership with the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released joint Cybersecurity Advisory (CSA) #StopRansomware: Black Basta to provide cybersecurity defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) used by known Black Basta ransomware affiliates and identified through FBI investigations and third-party reporting.
Black Basta is a ransomware-as-a-service (RaaS) variant, first identified in April 2022. Black Basta affiliates have targeted over 500 private industry and critical infrastructure entities, including healthcare organizations, in North America, Europe, and Australia.
(Source: CISA)
|
|
Black Basta ransomware is toying with critical infrastructure providers, authorities say
Black Basta ransomware has targeted healthcare and other critical infrastructure providers in recent months, impacting more than 500 organizations around the world as of this month, the FBI and CISA warned Friday in a joint advisory with the Department of Health and Human Services and MS-ISAC. The alert comes just after a ransomware attack hit Ascension, a major healthcare provider that was forced to divert patients last week.
Black Basta ransomware has targeted 12 of the 16 government-designated critical infrastructure sectors. Federal authorities have also linked the ransomware-as-a-service group to exploitation of critical vulnerabilities in ConnectWise ScreenConnect since February.
Black Basta is using a social engineering campaign to target managed detection and response security tool users, according to research released Friday by Rapid7. Users have been prompted to download remote management tools, such as AnyDesk or Microsoft’s Quick Assist feature.
(Source: Cybersecurity Dive)
NIST finalizes updated guidelines for protecting sensitive information
Contractors and other organizations that do business with the federal government now have clearer, more straightforward guidance for protecting the sensitive data they handle.
The National Institute of Standards and Technology (NIST) has finalized its updated guidelines for protecting this data, known as controlled unclassified information (CUI), in two publications: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST Special Publication [SP] 800-171, Revision 3), and its companion, Assessing Security Requirements for Controlled Unclassified Information (NIST SP 800-171A, Revision 3).
These guidelines require organizations to safeguard CUI such as intellectual property and employee health information. Systems that process, store and transmit CUI often support government programs involving critical assets, such as weapons systems and communications systems, which are potential targets for adversaries.
The two publications draw on NIST’s source catalog of security and privacy controls (NIST SP 800-53) and assessment procedures (NIST SP 800-53A). Before this update, the wording of these documents did not match the language of the source catalogs, potentially creating ambiguity in the security requirements and uncertainty in security requirement assessments. The update is designed to address these issues and also streamline and harmonize NIST’s portfolio of cybersecurity guidance.
(Source: NIST)
NIST releases draft Interagency Report 8498 “Cybersecurity for Smart Inverters” for public comment
On May 10, NIST's National Cybersecurity Center of Excellence (NCCoE) has released the initial public draft of NIST Interagency Report (NIST IR) 8498, Cybersecurity for Smart Inverters: Guidelines for Residential and Light Commercial Solar Energy Systems, for public comment.
The use of small-scale solar energy systems to generate electricity continues to increase. Smart inverters provide two critical functions to a small-scale solar energy system: they convert the direct current (DC) produced by solar panels to the alternating current (AC) used in homes and businesses, and they manage the flow of excess energy to the local electric grid.
This report provides practical cybersecurity guidelines for small-scale solar inverter implementations typically used in homes and small businesses. The report also presents recommendations to smart inverter manufacturers to improve the cybersecurity capabilities in their products.
The public comment period is open through June 10, 2024. See the publication details for a copy of the draft and instructions for submitting comments.
(Source: NIST)
Northern California city suffers second cyberattack in less than a month
The City of St. Helena, California, on Monday suffered a cyberattack that forced officials to shut down the city’s computer systems and public library as a cautionary measure.
The city, which sits about 65 miles north of San Francisco in Napa Valley, is working with the Northern California Computer Crimes Task Force, a company that provides computer forensic assistance to law enforcement agencies, to investigate the cyberattack, according to an emailed statement from the city. According to the statement, upon initial review, the cyberattack may have compromised more than 20 computers and a network server.
The city said its antivirus system blocked numerous attacks starting at 1:30 a.m. on Monday and that the virus appears similar to one that has struck other cities in California, including Oakley, which suffered a cyberattack in February.
The city claims the cyberattack did not affect water and wastewater plants or emergency services because they operate on separate networks.
(Source: Statescoop)
|
|
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. |
|
|
Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.
Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.
|
|
|
|
|
