|
Volume 24 — Issue 26 | June 27, 2024 |
|
|
In December 2023, the Occupational Safety and Health Administration (OSHA) announced a notice of proposed rulemaking to update an existing standard and expand safety and health protections for firefighters, emergency medical service providers and technical search and rescue workers.
The proposed rule, Emergency Response, modernizes OSHA’s existing "Fire Brigades" standard (29 CFR 1910.156), which has only had minor updates since it was first published in 1980.
The Fire Brigades standard currently applies to a narrow audience of workers, namely, fire brigades, industrial fire departments and private or contractual fire departments. This standard was originally intended to be used by employers who have a subset of employees assigned to fight fire in the early stages while waiting for their jurisdiction’s fire department to arrive on scene. These employees do not necessarily perform emergency response functions as part of their regular, everyday jobs.
OSHA intends to use the “Fire Brigades” standard as a baseline for a significant update to OSHA 1910.156. The new standard, which will be re-titled “Emergency Response,” would apply to a much broader audience of emergency workers and would address a much broader range of occupational hazards.
The proposal calls for comprehensive changes to emergency response, including staffing, training, apparatus readiness, and protective clothing and equipment. The new standard would also require employers to obtain baseline medical screenings for emergency responders and provide access to behavioral health resources.
Since this update will have a significant impact on emergency response agencies across the country, OSHA strongly encourages participation from all emergency services stakeholders in the public comment process. OSHA has extended the deadline for comment on the proposed standard to July 22, 2024.
In March 2024, the U.S. Fire Administration (USFA) interviewed OSHA’s Director of Standards and Guidance. The interview discussed the history of the Fire Brigades standard and a brief overview of OSHA’s purpose in making the changes in the proposed Emergency Response standard. It also discussed the process for submitting comments.
In May, the International Association of Fire Chiefs (IAFC) published a statement explaining its role in helping to draft the standard, what the new standard covers, and how IAFC is responding to OSHA’s proposed rule with its own comments.
Earlier in June, the International Association of Fire Fighters (IAFF) released a statement and conducted a webinar. In the webinar, IAFF staff provided an overview of the changes, discussed the importance of health and safety standards, and reviewed OSHA’s process for submitting comments.
The National Volunteer Fire Council (NFVC) is continually updating an OSHA Proposed Emergency Response Standard page with resources to help fire departments understand the new standard and develop comments to submit to OSHA. The NVFC will be holding virtual Help Desk hours throughout June and July to provide guidance on how to write effective comments. Several recorded webinars, numerous guidance documents, and the schedule for Help Desk hours are available on this page.
OSHA is maintaining a page dedicated to the Emergency Response Rulemaking where you can learn more about the background of the ruling, access the proposed rule in the Federal Register, and see any announcements from OSHA as they are posted.
The resources linked above can assist emergency response stakeholders in understanding how the updated standard will impact how they provide safety and health protections for their firefighters, emergency medical service providers and technical search and rescue workers.
Many of the above resources will also help agencies craft effective comments during the public comment period, which will in turn help OSHA develop a final standard that is both effective and feasible for the nation’s emergency services. Submit comments to OSHA by Monday, July 22, 2024.
(Sources: OSHA, USFA, IAFF, IAFC, NVFC)
|
|
|
On June 24, the Federal Bureau of Investigation (FBI) released its annual report, 2023 Active Shooter Incidents in the United States.
The purpose of the report is to provide an overview of active shooter incidents to help law enforcement, other first responders, and the public better understand the levels of threats associated with active shooter incidents. The focus of the report encourages media, law enforcement, and public information officers to shift their focus from the perpetrators of active shooter incidents toward the victims, survivors, and heroes who stopped them, as well as the communities that come together to help in the healing process.
In 2023, the FBI designated 48 shootings as active shooter incidents. Although incidents decreased by 4% from 2022 (50 incidents), the number of active shooter incidents increased 60% since 2019 (30 incidents). The 48 active shooter incidents in 2023 occurred in 26 states and represent five location categories, including open space, commerce, education, health care, and residence.
During the five-year period between 2019 and 2023, there were 229 active shooter incidents occurring in 44 states and the District of Columbia, across seven location categories including commerce, open space, education, government, residence, health care, and house of worship. There was an 89% increase in active shooter incidents (121) from the previous five-year period (2014–2018).
See the FBI’s news release to learn more and access this year’s report.
(Source: FBI)
The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with SAFECOM and the National Council of Statewide Interoperability Coordinators (NCSWIC), publishes the SAFECOM Guidance on Emergency Communications Grants (SAFECOM Guidance).
Updated every year in coordination with stakeholders, the SAFECOM Guidance assists entities planning or applying for federal financial assistance funding to invest in emergency communications projects. Specifically, the guidance provides information to recipients on eligible activities, technical standards, and other terms and conditions common to most federal emergency communications grants.
CISA, SAFECOM, and the NCSWIC consulted federal partners and the Emergency Communications Preparedness Center to ensure emergency communications policies are coordinated and consistent across the federal government. This year’s guidance reflects the current cybersecurity and critical infrastructure landscapes, investment priorities, technical standards, and available supporting materials for implementing emergency communications projects.
Grant applicants are encouraged to reference this document when developing emergency communications investments for federal funding, and to direct any questions to emergency-comms-grants@cisa.dhs.gov. For more information, please visit the SAFECOM Funding Resources webpage at cisa.gov/safecom/funding.
(Source: CISA)
Airway management is a foundational component of prehospital emergency care. Emergency medical services (EMS) practice now includes a range of airway techniques. However, evidence is still lacking as to which of these airway management approaches under which circumstances have the best outcomes.
In 2022, the National Association of EMS Physicians (NAEMSP) published a Compendium of Airway Management Position Statements and Research Documents. This compendium is comprised of best practices for training, quality management, pediatric considerations, and more related to airway management practices. This publication was a major effort to formulate practical guidance based on existing evidence.
In early 2024, a project led by the National Association of State EMS Officials (NASEMSO) published an Evidence-Based Guideline (EBG) for Prehospital Airway Management. This publication focused on interpretation of a vast amount of evidence to determine which airway management practices had the best patient outcomes.
These projects found a few best practices that were clearly associated with improved patient outcomes, and the National EMS Quality Alliance (NEMSQA) is now piloting the implementation of improvement measures associated with some of these best practices:
- Airway-01. Successful first advanced airway placement without hypotension or hypoxia (first pass success)
- Airway-18. Use of waveform capnography for tube placement confirmation and monitoring.
- Respiratory-02: Patients with hypoxia during which oxygen is administered.
Earlier this month, NEMSQA’s EMS Quality Improvement Partnership (EQuIP) announced its project to implement these improvement measures with EMS agencies across the country.
The goal of the project is to support national improvement in the safety and effectiveness of invasive airway management by focusing on two goals: improving the use of waveform capnography to confirm and monitor all invasive airways and reducing the adverse events such as peri-intubation hypoxia and hypotension.
The implementation efforts will occur throughout 2024 and 2025, with a final change package scheduled to be completed in the fall of 2025. Participation in this project is limited to 50 EMS agencies, but all EMS agencies will be able use the final outcomes of this project to operationalize evidence-based care in their own agencies.
NEMSQA held an informational webinar on June 6 and the recording of this webinar is now available on NEMSQA’s YouTube channel. View the webinar and visit NEMSQA’s Airway Collaborative project page to learn more.
(Sources: NEMSQA, NASEMSO, NAEMSP)
|
|
CISA and partners release guidance for Exploring Memory Safety in Critical Open Source Projects
On June 26, CISA, in partnership with the FBI, Australian Signals Directorate’s Australian Cyber Security Centre, and Canadian Cyber Security Center, released Exploring Memory Safety in Critical Open Source Projects. This guidance was crafted to provide organizations with findings on the scale of memory safety risk in selected open source software (OSS).
This joint guidance builds on the guide The Case for Memory Safe Roadmaps by providing a starting point for software manufacturers to create memory safe roadmaps, including plans to address memory safety in external dependencies which commonly include OSS. Exploring Memory Safety in Critical Open Source Projects also aligns with the 2023 National Cybersecurity Strategy and corresponding implementation plan, which discusses investing in memory safety and collaborating with the open source community—including the establishment of the interagency Open Source Software Security Initiative (OS3I) and investment in memory-safe programming languages.
(Source: CISA)
Social engineering tactics targeting healthcare & public health entities and providers
The FBI and the Department of Health and Human Services (HHS) are releasing this joint Cybersecurity Advisory (CSA), Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used in a social engineering campaign targeting healthcare, public health entities, and providers. Threat actors are using phishing schemes to steal login credentials for initial access and the diversion of automated clearinghouse (ACH) payments to US controlled bank accounts. Healthcare organizations are attractive targets for threat actors due to their size, technological dependence, access to personal health information, and unique impacts from patient care disruptions. The FBI and HHS encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of social engineering incidents.
(Source: FBI)
|
|
Manufacturing cybersecurity at heart of new White House guidance
The Department of Energy released a new framework of best practices for securing clean energy cyber supply chains, including key technologies used to manage and operate electricity, oil and natural gas systems. The principles outline 10 best cybersecurity practices for suppliers, as well as 10 for consumers, with a focus on risk management, transparency, operational resilience and proactive incident response. The Biden administration called out the heightened need for such guidance as the threat of cyberattacks against the energy sector continues to grow from foreign and domestic actors.
The Energy Department’s Office of Cybersecurity, Energy Security, and Emergency Response developed the guidelines with input from energy automation and industrial control system manufacturers, as well as the Idaho National Laboratory, which specializes in cybersecurity research.
(Source: Cybersecurity Dive)
CISA: Chemical Security Assessment Tool (CSAT) Ivanti Notification
CISA's Chemical Security Assessment Tool (CSAT) was the target of a cybersecurity intrusion by a malicious actor from January 23-26, 2024. While CISA’s investigation found no evidence of exfiltration of data, this intrusion may have resulted in the potential unauthorized access of Top-Screen surveys, Security Vulnerability Assessments, Site Security Plans, Personnel Surety Program (PSP) submissions, and CSAT user accounts.
Following the reporting requirements under the Federal Information Security Modernization Act (FISMA), CISA notified participants in the Chemical Facility Anti-Terrorism Standards (CFATS) program about the intrusion and the potentially impacted information.
In addition to the notifications, CISA is hosting two webinars for stakeholders during which we will review the information provided in the frequently asked questions. The first webinar was held Monday, June 24, 2024, at 2:30 p.m. EDT (11:30 a.m. PDT). The next webinar will be held on Tuesday, July 9, 2024, at 2:30 p.m. ET (11:30 a.m. PDT).
(Source: CISA)
Michigan county restores 80 percent of systems after cyberattack
The computer-aided dispatch system for Grand Traverse County's 911 service is officially back online following a cyberattack that disabled the system and many other governmental services.
The CAD software dispatches call data to mobile devices mounted in patrol cars, fire engines and ambulances. It also provides important online services for the county's corrections and records departments. As such, it serves a larger public safety role than just 911 data alone.
Since the June 12 cyberattack, first responders had been relying on radios and cellphones to communicate with the central dispatch center — and each other.
Emergency services were still available to the public during that time, though without the detailed information that usually flowed through the CAD system, such as mapping resources and the location of nearby patrol units.
Now that problem has been largely solved by migrating to a cloud-based solution. Instead of running the Tyler Technologies software on local servers, the software will reside on secure internet servers maintained and protected by the Texas-based company.
Grand Traverse County has insurance coverage for cyberattacks, but it typically doesn't pay for upgrades of this sort.
(Source: Government Technology)
|
|
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. |
|
|
Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.
Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.
|
|
|
|
|
