|
Volume 24 — Issue 31 | August 1, 2024 |
|
|
On July 23, the U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) published a notice in the Federal Register that it intends to hold a virtual, informal hearing on Nov. 12, 2024, to hear comments and testimony from the public on OSHA’s proposed Emergency Response standard.
In February 2024, OSHA issued a notice of proposed rulemaking to replace the “Fire Brigades” standard, published in 1980. The newly named “Emergency Response” standard would expand safety and health protections for emergency responders, including firefighters, emergency medical service providers and technical search and rescue workers. It would align these safety and health protections with current national consensus standards for workers exposed to hazards related to fires and other emergencies.
The online hearing will allow stakeholders from across the country to participate. OSHA encourages first responders to join the meeting to share their opinions.
OSHA held a public comment period that was originally scheduled to end May 6, 2024, but was extended twice in response to public demand. The comment period finally closed on July 22, although OSHA is still accepting public input via the Nov. 12 hearing. All comments submitted during the comment period can now be viewed within the docket associated with the proposed rule (Docket No. OSHA-2007-0073) on Regulations.gov.
To date, various national emergency services stakeholder groups have released position statements or submitted formal comments to OSHA, including the International Association of Fire Chiefs (IAFC), the International Association of Fire Fighters (IAFF), the National Volunteer Fire Council (NFVC), the National Association of State Foresters (NASF), the American Hospital Association (AHA), and the National Association of Emergency Medical Technicians (NAEMT). Many more comments were submitted at the state and local levels across the country.
The online hearing will be held Tuesday, Nov. 12 at 9:30 a.m. EST. If needed, the hearing will be extended from 9:30 a.m. to 4:30 p.m. EST on subsequent weekdays.
Visit OSHA’s Emergency Response Rulemaking page to learn more and stay up to date with the latest announcements from OSHA on the ruling. As the date of the hearing approaches, details about how to attend will be posted on this page.
(Sources: OSHA, IAFC, IAFF, NVFC, NASF, AHA, NAEMT)
|
|
|
The U.S. Department of Agriculture, Forest Service (Forest Service) has been undertaking large prescribed fire projects as part of its Wildfire Crisis Strategy, first launched in 2022, to address the fact that the pace and scale of fuels treatments on public lands are not keeping up with the growing wildfire risk.
In the spring of 2023, the Stanislaus National Forest tested a mass mobilization strategy to accomplish prescribed burning goals. With mentoring from the Forest Service’s National Incident Management Organization (NIMO), forest staff decided to approach spring burning like it was a wildfire and established an incident management organization (IMO) to support the burn bosses responsible for implementation. Some of the strategies tested during this project were developed as part of NIMO’s National Prescribed Fire Resource Mobilization Strategy, which was released in June 2023.
With support from forest leadership, fire management personnel were permitted to try different approaches and adapt familiar systems and processes to work within this novel approach to prescribed fire. While many of the actions were the same as on a wildfire during mobilization, the mechanisms were different. With a relatively short span of time between the mobilization decision and favorable burn windows, the IMO spent a significant amount of time doing work that could have been preplanned.
The Forest Service has just released a report on this project, Large-Scale Prescribed Fire Incident Mobilization: A Case Study on the Stanislaus National Forest – Facilitated Learning Analysis. This 55-page report offers lessons learned that will help with the development of strategies to increase the scale and pace of implementing prescribed fire.
This report is available within the National Wildfire Lessons Learned Center’s (NWLLC) Incident Review Database and the Fire Research and Management Exchange System’s (FRAMES) Resource Catalog.
(Sources: Forest Service, NWLLC, FRAMES)
School-based law enforcement (SBLE) and school resource officers (SROs) work with school officials and community-based organizations to protect K-12 schools from a range of safety and security threats. They can also serve in important roles in assisting K-12 stakeholders with creating and implementing physical security plans.
In July, the Cybersecurity and Infrastructure Security Agency (CISA) released a K-12 School Security Guide Companion Product for School-Based Law Enforcement and School Resource Officers.
This new resource is the first in a series of companion products planned for release in the coming year to augment CISA’s K-12 School Security Guide as part of its K-12 School Security Guide Product Suite. The series will serve as streamlined and tailored guides for specific stakeholders within the K-12 and school safety communities.
The K-12 School Security Guide Companion Product assists SBLE and SROs with:
- Using key concepts and principles from CISA’s K-12 School Security Guide to apply physical security guidance and best practices.
- Supporting the five core elements that comprise a school’s physical security system.
- Participating in the school security planning process.
- Leveraging the School Security Assessment Tool to help assess vulnerabilities across a K-12 campus.
This Companion Product also includes a series of next steps and accompanying resources to help SBLE and SROs support physical security planning and improvement initiatives within their K-12 communities.
Access the K-12 School Security Guide Companion for School-Based Law Enforcement and School Resource Officers within CISA’s K-12 School Security Guide Product Suite.
(Source: CISA)
The Federal Emergency Management Agency’s (FEMA’s) Resilience Analysis Branch (RAB) will host a webinar on Wednesday, Aug. 7, from 4-5 p.m. EDT, Resilience Analysis and Planning Tool Webinars: What’s New and Improved in RAPT - Webinar 3.
FEMA’s Resilience Analysis and Planning Tool (RAPT) is a free, geographic information system (GIS) tool that helps emergency managers and community partners visualize, prioritize and implement strategies to build resilience.
For the fifth consecutive year, FEMA is announcing updates to RAPT. The 2024 update includes new census data from the American Community Survey five-year estimate (2018-2022) and updated Community Resilience Challenges Indices (CRCI) for counties and census tracts. The web map allows users of all GIS skill levels to combine layers of community resilience indicators, infrastructure locations and hazard data.
The 2024 update also includes a preview of Future RAPT built with ArcGIS Experience Builder, Esri’s new web app tool. Within Future RAPT, users can take a tour that walks through all of the new features and preview the County Overview dashboard, which provides at-a-glance information at the county level.
FEMA’s Aug. 7 webinar will provide an overview of these technical, data and functional updates to RAPT in 2024. It will also provide live demonstrations, including a walkthrough of RAPT’s brand new layout and how to run county reports.
Visit the RAPT Resource Center to access supporting materials, learn more about RAPT functionality and see how it can improve resilience planning in your community.
Register in advance to attend the Aug. 7 webinar at FEMA.gov.
(Source: FEMA)
|
|
CISA and FBI release joint PSA: Putting potential DDoS attacks during the 2024 election cycle in context
On July 31, as part of their public service announcement series for the 2024 election cycle, CISA and the Federal Bureau of Investigation (FBI) jointly released Just So You Know: DDoS Attacks Could Hinder Access to Election Information, Would Not Prevent Voting. This public service announcement is to raise awareness that Distributed Denial of Service (DDoS) attacks on election infrastructure, or adjacent infrastructure that supports election operations, could hinder public access to election information, but would not impact the security or integrity of election processes.
This publication is to help educate the public on what DDoS attacks are, their effects on election infrastructure, recommendations for voters, and victim reporting information.
(Source: CISA)
Microsoft 365 faltered due to Denial of Service attack
On Tuesday, July 30, the company reported outages in Microsoft 365, which consists of Microsoft Teams, Word, Excel, PowerPoint, Outlook, and OneDrive. More specifically, Microsoft 365 admin center, Intune, Entra, Power Platform, and Power BI were failing -- though SharePoint Online, OneDrive for Business, Microsoft Teams, and Exchange Online were unaffected. Microsoft reported that all was back to normal by 3:43 PM Eastern time.
In a statement on Tuesday, Microsoft confirmed, "while the initial trigger event was a Distributed Denial-of-Service (DDoS) attack, which activated our DDoS protection mechanisms, initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it."
(Source: ZDNet)
|
|
LA County courts reopen, with limits, after devastating cyberattack. Here's what you need to know about services
L.A. County’s courts reopened Tuesday after a cyberattack shut down the nation’s largest trial system — despite work all weekend to fix the damage.
Court officials announced late Monday afternoon that all 36 courthouses will be back in business thanks to the “tireless work of court staff and security experts.”
The attack, which was discovered in the early morning on Friday, July 19, forced the shutdown of nearly all network systems — from the jury portal to the court’s website. Court officials initially thought the Friday outage was due to a widespread global tech outage that hobbled travel, hotels, hospitals and other businesses. Later on Friday, court officials said they'd determined a ransomware attack was to blame.
Local, state and federal law enforcement agencies are investigating the breach, along with the California Governor's Office of Emergency Services.
(Source: LAist)
Columbus reports cyber incident as multiple cities recover from ransomware attacks
The city of Columbus, Ohio said it is working to restore its systems after a cybersecurity incident forced the government to sever internet connectivity.
The city first notified the public of issues in a brief Facebook statement on Friday, July 19. Officials said the city’s Department of Technology discovered an “abnormality” on Thursday July 18 and contacted law enforcement to help with the recovery. They noted that the incident was “unrelated to the global IT outage” caused by cybersecurity firm CrowdStrike.
"911 and 311 are operational, but they are not operating as if they would normally, obviously. The dispatch system at 911 and 311 are accepting calls and a lot of them are working on paper, based on us shutting down the system. It is clearly not as efficient as we would like it to be," Columbus’ mayor told WBNS in an initial statement. The Columbus Dispatch reported on Thursday, July 25, that the city is prioritizing the restoration of law enforcement systems — most notably the computer-aided dispatch system.
City officials released a statement this week explaining that while its 911 and employee payroll systems remain operational, several resident-facing IT services are dealing with outages that “may take time to restore.”
(Source: The Record)
Columbus fights online attack; state to spend $7M on issue
As Columbus continues to deal with a digital security incident, the state of Ohio announced it will spend $7 million in taxpayer money to help cities fight internet attacks.
Gov. Mike DeWine announced a new statewide grant program expected to help municipalities with security software and services. The money comes from CISA and FEMA. Local governments can use the money for endpoint protection, multi-factor authentication, secure mail, vulnerability management, migration to a dot gov internet domain and internet security services from the Multi-State Information Sharing and Analysis Center and the Center for Internet Security.
(Source: The Center Square – Ohio)
Cyberattack against OneBlood delaying deliveries of donated blood across Florida
The nonprofit OneBlood is facing a ransomware attack on its software system. OneBlood officials say they were alerted to the attack on Monday, July 29, and have been continuing operations manually.
The Florida Hospital Association says hospitals are always prepared for natural disasters and emergencies, but that this type of attack presents different types of challenges.
"It may be occurring over many days," Mary Mayhew, the President & CEO of the Florida Hospital Association said. "It is a statewide impact. OneBlood supplies between 80 and 90% of all the blood for all the hospitals in Florida. This is a cyberattack on a critical, lifesaving resource."
The cyberattack has delayed deliveries of blood and platelet units to hospitals around the state. Level one trauma centers like Tampa General Hospital rely on massive amounts of blood and platelets every day.
(Source: Fox 13 Tampa Bay on MSN)
|
|
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. |
|
|
Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.
Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.
|
|
|
|
|
