View as a webpage / Share

Volume 24 — Issue 23 | June 6, 2024

DHS S&T report: Self-contained Breathing Apparatuses (SCBA) Lessons Learned

An open-circuit self-contained breathing apparatus (SCBA) is a life-saving piece of personal protective equipment for firefighters, but the purchase of this equipment is a significant financial investment for fire departments nationwide.

A fire department can evaluate whether an SCBA product will meet most of its requirements simply by verifying the product is certified to industry standards. However, there are a lot of features to consider. Additionally, for some of the newer technologies now available for SCBA’s, such as battery packs and wireless electronic safety features, industry standards may be less mature or not yet established.

To provide some guidance to fire departments, in May, the Department of Homeland Security (DHS), Science and Technology Directorate (S&T) released a report, Self-contained Breathing Apparatuses (SCBA) Lessons Learned.

DHS S&T’s National Urban Security Technology Laboratory (NUSTL) partnered with the Fire Department of the City of New York (FDNY) to conduct a comprehensive evaluation of several open-circuit SCBAs as FDNY was preparing for replacement of its inventory. FDNY conducted operational testing of SCBA models they were considering for purchase.

Where standards certification did not address FDNY requirements, NUSTL commissioned laboratory testing to characterize performance. NUSTL’s testing was particularly focused on some of the newer electronic safety features, such as the ability to connect to wireless networks and facilitate information transmission between SCBAs and incident command.

This report is not focused on product-specific results. Instead, the report offers lessons learned from the rigorous product assessments performed by NUSTL and FDNY. The report is organized into a six-step generalized assessment approach, which may serve as a framework for guiding future SCBA procurements. Within each step, the report provides sets of criteria that NUSTL and FDNY used to evaluate products, focused on usability, wireless electronic safety systems and power supplies.

A user-friendly checklist for applying the six-step methodology is provided in Appendix A. Specific observations, insights and technical details from the FDNY SCBA effort are provided in Appendices B (SCBA requirements), C (SCBA product features), and D (RF-PASS features).

The report notes that the National Fire Protection Association’s (NFPA’s) NFPA 1970, which is scheduled for release in 2024, will be the primary applicable standard for SCBA going forward. NFPA 1970 will be a consolidated standard that will incorporate existing standards for clothing (NFPA 1971), work uniforms (NFPA 1975), self-contained breathing apparatus (SCBA) (NFPA 1981) and personal alert safety system (PASS) devices (NFPA 1982) into one document.

Access NUSTL’s SCBAs Lessons Learned Report on DHS.gov.

(Sources: DHS S&T, NFPA)

Highlights

DHS S&T report: Self-contained Breathing Apparatuses (SCBA) Lessons Learned

AUVSI publishes secure drone procurement guidance for government agencies, public safety, industry

On-demand webinar: EMS Readiness for All Threats – Today and Tomorrow

Webinars on FEMA’s Radiological Emergency Preparedness Program Manual

Cyber Threats

The U.S. Fire Administration operates the Emergency Management and Response – Information Sharing and Analysis Center (EMR-ISAC).

For information regarding the EMR-ISAC visit www.usfa.dhs.gov/emr-isac or contact the EMR-ISAC office at: (301) 447-1325 and/or fema-emr-isac@fema.dhs.gov.

AUVSI publishes secure drone procurement guidance for government agencies, public safety, industry

On June 3, the Association for Uncrewed Vehicle Systems International (AUVSI) announced the publication of a memo, Secure Drone Procurement Guidance: Blue UAS and Green UAS.

The memo was developed with validation from the U.S. Department of Defense’s (DOD’s) Defense Innovation Unit (DIU). It provides procurement guidance and recommendations for federal government agencies; state, local, and tribal government agencies; public safety agencies; and private industry conducting sensitive missions using drones.

The DIU started a project called Blue UAS in 2020, which rapidly vets and scales commercial UAS technology for the DOD. The DIU continues to maintain a Blue UAS Cleared List of approved drones that are validated as cyber-secure and safe to fly for DOD missions.

In close collaboration with DIU, AUVSI launched a Green UAS certification program that mirrors the Blue UAS program. Green UAS Certification serves the commercial and non-defense drone community with access to the same level of verification and certification for cybersecurity and National Defense Authorization Act (NDAA) supply chain compliance.

AUVSI’s memo follows the passage of the American Security Drone Act (ASDA) into law in December 2023 and publication of a joint memo from the FBI and CISA in January 2024 titled Cybersecurity Guidance: Chinese-Manufactured Unmanned Aircraft Systems (UAS).

(Sources: AUVSI, DOD)

On-demand webinar: EMS Readiness for All Threats – Today and Tomorrow

The U.S. Department of Health and Human Services (HHS) Administration for Strategic Preparedness and Response (ASPR) launched its Project ECHO Clinical Readiness Rounds series earlier this year.

These rounds are a new, virtual, peer-to-peer learning series focused on sharing clinical challenges and successes in preparing for and responding to disasters from all threats. Each round provides the opportunity for real-time, multi-disciplinary, peer-to-peer learning on promising practices in critical care, emergency department, and emergency medical services (EMS) patient care and operations.

The HHS/ASPR Project ECHO Clinical Readiness Rounds are hosted on the University of New Mexico’s iECHO platform. This series is a public-private collaboration between ASPR and the University of New Mexico’s Project ECHO (Extension for Community Healthcare Outcomes).

The series format builds on the success of HHS/ASPR Project ECHO’s COVID-19 Clinical Rounds between March 2020 and February 2022. Sessions are eligible for Continuing Medical Education (CME) credits. Registration is open to the public and, once registered, video recordings and slides are accessible within iECHO following each session.

In May, in recognition of the 50^th anniversary of EMS Week, one of Project ECHO’s Clinical Readiness Rounds was “EMS Readiness for All Threats: Today & Tomorrow.” The recording of this session is now available on the iECHO platform.

This session featured the following three speakers, who spoke to how the 911 system, EMS agencies who respond to emergency calls for service, and EMS interfacility transport services are each prepared to respond to disasters and all threats today:

• Harriet Rene-Brown, Executive Director of the National Association of State 911 Administrators (NASNA).
• Carol Cunningham, State Medical Director of the Ohio Department of Public Safety, Division of EMS.
• Tyanie Gordon, Medical Section Chief at the National Command Center of Global Medical Response (GMR).

The session’s discussions were supported by an expert panel:

• Kristy Koenig, EMS Medical Director for San Diego County, California
• Doug Kupas, EMS and Emergency Physician with Geisinger Health System in Danville, Pennsylvania and President Elect for the National Association of EMS Physicians (NAEMSP).
• Paul Biddinger, Emergency Physician, Director for the Center for Disaster Medicine and Chief Preparedness and Continuity Officer at Mass General Brigham in Boston, Massachusetts.
• David Gerstner, MMRS Coordinator at City of Dayton Fire Department, Dayton, Ohio.
• Bruce Evans, Immediate Past President of the National Association of Emergency Medical Technicians (NAEMT) and Fire Chief, Upper Pine River Fire Protection District in Durango, Colorado.
• Alexander P. Isakov, Executive Director and Professor of Emergency Medicine, Emory School of Medicine.

HHS/ASPR Project ECHO Clinical Readiness Rounds occur every first and third Tuesday of each month through September 2024. Emergency sessions may be added as needed. The next session will occur on Tuesday, June 18 and the topic will be “Health care readiness for civil unrest.”

Register for the series at iecho.org to receive email notifications about upcoming rounds as topics and speakers are announced.

(Source: HHS/ASPR Project ECHO)

Webinars on FEMA’s Radiological Emergency Preparedness Program Manual

The Federal Emergency Management Agency (FEMA) will host a series of four 60–90-minute webinars in June to provide an overview of notable changes found in the 2023 Radiological Emergency Preparedness (REP) Program Manual.

FEMA’s REP Program Manual provides planning and assessment guidance for state, local, tribal, and territorial (SLTT) partners in the vicinity of a commercial nuclear power plant. The manual supports FEMA’s Radiological Emergency Preparedness Program, which helps to ensure the health and safety of the nearly three million people who live within 10 miles of an operating nuclear power plant in the United States.

The REP Program Manual is divided into five distinct parts. Each of the following webinars in this series will provide an overview of changes to one or more parts of the 2023 edition of the manual:

• Week 1 – Thursday, June 6, 2024, 1 p.m. EDT. Part I: The Rep Program, IV: FEMA REP Program Administration, and Appendices.
• Week 2 – Thursday, June 13, 2024, 1 p.m. EDT. Part II: REP Planning Guidance.
• Week 3 - Thursday, June 20, 2024, 1 p.m. EDT. Part III: REP Program Assessment Policies and Guidance.
• Week 4 – Thursday, June 27, 2024, 1 p.m. EDT. Part V: REP Program Alert and Notification System Guidance.

Visit FEMA.gov to learn more and register for one or more webinars in this series.

(Source: FEMA)

Cyber Incident Assistance

MS-ISAC
SOC@cisecurity.org
1-866-787-4722

IdentityTheft.gov

IC3

Cybercrime Support Network

General Information

StopRansomware.gov

CISA's Known Exploited Vulnerabilities Catalog

FTC scam list

CISA alerts

Law Enforcement Cyber Center

TLP Information

A plan to protect critical infrastructure from 21st century threats

On April 30th, the White House released National Security Memorandum-22 (NSM) on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and all-hazard threats. NSM-22 recognizes the changed risk landscape over the past decade and leverages the enhanced authorities of federal departments and agencies to implement a new risk management cycle that prioritizes collaborating with partners to identify and mitigate sector, cross-sector, and nationally significant risk. The culmination of this cycle is the creation of the 2025 National Infrastructure Risk Management Plan (National Plan)—updating and replacing the 2013 National Infrastructure Protection Plan—and will guide federal efforts to secure and protect critical infrastructure over the coming years.

As the National Coordinator for critical infrastructure security and resilience, the Cybersecurity and Infrastructure Security Agency (CISA) will develop this National Plan to be forward-looking and employ all available federal tools, resources, and authorities to manage and reduce national-level risks, including those cascading across critical infrastructure sectors.

CISA will look to its partners to help it and the other Sector Risk Management Agencies (SRMAs) over the course of the year as we develop this foundational document.

(Source: CISA)

NIST getting outside help for National Vulnerability Database

The National Institute for Standards and Technology (NIST) informed the cybersecurity community in February that it should expect delays in the analysis of Common Vulnerabilities and Exposures (CVE) identifiers in the NVD, saying that it was working to establish a consortium to improve the program.

In an update shared in April, NIST admitted that there was a growing backlog of vulnerabilities submitted to the National Vulnerability Database (NVD) that required analysis, blaming the issue on an increase in the number of vulnerabilities, as well as “change in interagency support”.

While looking for long-term solutions to this problem, the agency has been prioritizing the analysis of the most serious vulnerabilities. In its latest update, shared on May 29, NIST said it has awarded a contract for additional processing support for the NVD.

Regarding the backlog of unprocessed CVEs, NIST noted that it’s also working with CISA to add the unprocessed vulnerabilities to the database. The organization expects to clear the backlog by the end of the fiscal year. The government’s fiscal year ends on September 30.

(Source: Security Week)

FCC vote on tap for rules to secure fundamental component of the internet

The Federal Communications Commission is set to vote Thursday on advancing a proposal to improve security for a key component of the modern internet, a rule that eases some — but not all — of the criticisms of the agency’s previously stated plans for strengthening the Border Gateway Protocol.

Under the proposed rule, broadband internet providers would have to develop and maintain secure internet routing plans. The nine largest providers would be required to file quarterly reports with the FCC on their efforts.

“Whether you’re banking online, using telemedicine to see the doctor, or attending school remotely, you rely on a set of technical rules called the Border Gateway Protocol (BGP) to route your data efficiently,” FCC Chairwoman Jessica Rosenworcel said in May when announcing the rule. “This protocol was designed for expediency, not security. Accordingly, it lacks explicit security features, which has allowed criminals to ‘hijack’ online traffic.”

(Source: Cyberscoop)

HC3 Analyst Note: Healthcare Sector DDoS Guide

A Distributed-Denial-of-Service (DDoS) attack is a type of cyber attack in which an attacker uses multiple systems, often referred to as a botnet, to send a high volume of traffic or requests to a targeted network or system, overwhelming it and making it unavailable to legitimate users. With the number of attacks increasing every year, they can come at any time, impact any part of a website’s operations or resources, and lead to massive amounts of service interruptions and huge financial losses.

In the health and public health (HPH) sector, they have the potential to deny healthcare organizations and providers access to vital resources that can have detrimental impact on the ability to provide care. Disruptions due to a cyberattack may interrupt business continuity by keeping patients or healthcare personnel from accessing critical healthcare assets such as electronic health records, software based medical equipment, and websites to coordinate critical tasks.

As such, this comprehensive DDoS guide is intended for target healthcare audiences to understand what DDoS attacks are; what causes them; types of DDoS attacks with timely, relevant examples; and mitigations and defenses against a potential attack.

(Source: HHS HC3)

FBI cyber lead urges potential LockBit Victims to contact Internet Crime Complaint Center

FBI Cyber Division Assistant Director Bryan Vorndran on June 5 highlighted the Bureau’s “ongoing disruption” of the LockBit ransomware group and its affiliates, and urged potential victims to contact the Bureau’s Internet Crime Complaint Center (IC3).

The Bureau now has more than 7,000 LockBit decryption keys in its possession, Vorndran said in a keynote at the 2024 Boston Conference on Cyber Security. We can use these keys to help victims get their data back, he noted. Potential victims can contact IC3 by visiting our LockBit Victim Reporting Form at lockbitvictims.ic3.gov.

The LockBit ransomware variant has been utilized in over 2,400 cyberattacks around the world—more than 1,800 of which impacted victims in the U.S.—he said. These attacks have targeted various sectors and racked up “billions of dollars in damages,” Vorndran said. A recent international “operation to disrupt and seize” LockBit infrastructure and to sanction the group and its affiliates revealed that the group and its affiliates retained victim data, even after victims had paid them ransoms.

(Source: FBI)

White paper: Public water and wastewater sector face mounting cyber threat

The Center for Internet Security, Inc. (CIS®) Cyber Threat Intelligence (CTI) team assesses that U.S. State, Local, Tribal, and Territorial (SLTT) government-operated U.S. water and wastewater systems (WWS) will likely continue to face a mounting threat from cyber threat actors (CTAs) over the next year, largely driven by recent global conflicts. This assessment is based on CTAs’ demonstrated ability and intention to exploit vulnerable WWS to achieve geopolitical, financial, or data-collection goals.

SLTT entities operating WWS must confront an increasing number of cyber threats including ransomware, insider threats, hacktivism, state-sponsored CTAs, and attacks exploiting unpatched legacy systems. Cyberattacks targeting WWS also threaten significant downstream impacts due to factors including inhibiting access to safe drinking water, wastewater function, and strains on the supply chain.

Refer to the end of CIS’ white paper for tailored guidance and resources for better securing WWS and operational technology (OT) against the spectrum of cyber threats.

(Source: CIS)

Ascension: Cybersecurity Event Update

In a June 5 statement, Ascension Health provided the following update on the cyberattack that occurred in early May:

Restoring Electronic Health Record (EHR) access has been among the top priorities of our recovery process. We are encouraged to report positive developments in these efforts and can announce that we have successfully restored EHR access in our Florida, Alabama, Austin, Tennessee and Maryland markets.

Based on what we have learned about this process to date, we are working toward completing EHR restoration across our entire ministry by the end of the week ending June 14.

As EHR is restored across the entirety of our networks, clinicians will be able to access patient records as they did prior to this incident. While these are promising developments in our recovery efforts, our investigation into this incident remains ongoing, along with the remediation of additional systems.

Additionally, Ascension Rx retail, home delivery and specialty pharmacy sites are now open and able to meet your prescription needs. This means that healthcare providers are able to transmit prescriptions electronically and can send prescriptions to Ascension Rx pharmacies for their patients.

(Source: Ascension Health)

The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.

Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.

Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.

Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.