View as a webpage / Share

Volume 24 — Issue 35 | August 29, 2024

Firefighter safety and large vehicle tire fires

On June 14, 2024, Los Angeles County firefighters were dispatched to a burning construction vehicle. A firefighter was killed while trying to douse this fire when one of the vehicle’s nearly 7-foot tires exploded.

While it is common for tires to build pressure and blow out in a fire, occasionally tires don’t simply blow, they explode. When rubber in the tire overheats, it can begin releasing highly flammable hydrocarbon vapors into the air within the tire in a chemical reaction called tire pyrolysis. As the vapors are released, the air pressure and temperature within the tire increase dramatically. If the flammable vapor inside the tire meets oxygen at a high enough temperature, auto-ignition can occur.

This reaction is powerful enough to create an explosion, accompanied by a violent shock wave and shrapnel. The larger the tire is, the larger the blast.

This month, L.A. County Fire Department issued a safety bulletin about large vehicle tire fires, instructing firefighters to maintain a certain distance from burning heavy-equipment vehicles. This bulletin was distributed to thousands of firefighters in California. The bulletin explains the mechanics of the explosive process, the explosive effects, and the appropriate risk management steps firefighters need to take, including establishing explosive hazard zones.

L.A. County and neighboring county firefighters in California were unaware of the risk of pyrolysis and explosion within vehicle tires, since the occurrence is relatively rare. This tragic line of duty death on June 14 served as a reminder of the risks.

Please share this safety information widely with fire service personnel.

(Sources: Los Angeles Times, L. A. County Fire Department, Infrastructure Health and Safety Association)

Highlights

Firefighter safety and large vehicle tire fires

Impact of the July 19 CrowdStrike outage on public safety systems

DOJ releases Navigating Conflicts: A Guide for Campus Leaders and Public Safety Personnel

Webinar: From Policy to Action - Putting Plans to Work Through Plan Implementation

Cyber Threats

The U.S. Fire Administration operates the Emergency Management and Response – Information Sharing and Analysis Center (EMR-ISAC).

For information regarding the EMR-ISAC visit www.usfa.dhs.gov/emr-isac or contact the EMR-ISAC office at: (301) 447-1325 and/or fema-emr-isac@fema.dhs.gov.

Impact of the July 19 CrowdStrike outage on public safety systems

On July 19, 2024, CrowdStrike, a U.S. cybersecurity firm, released a software update to their customers. The update caused certain systems to crash, disrupting services across several industries, including airlines, banks, hospitals, government agencies, and public safety systems.

CrowdStrike reported that the incident was caused by “a defect found in a single content update of its software on Microsoft Windows operating systems” and was not a cyberattack. Though the update affected less than 1% of all Windows machines, the impacts were widespread and global.

The Congressional Research Service (CRS) published an In Focus report shortly after the incident: IT Outage from CrowdStrike’s Update: Impacts to Certain Public Safety Systems and Considerations for Congress.

The incident affected public safety agencies that use CrowdStrike’s cybersecurity software on their computer systems. This CRS report focuses on the impact of the CrowdStrike incident on U.S. public safety communications systems and services, such as 911 systems, police and fire agency systems, fire alarms, broadcast networks involved in emergency alerting, and some federal agencies that support public safety and emergency response.

The report discusses how the telecommunications and public safety sectors are attempting to address emerging risks with their evolving technology. These sectors have been migrating to IP-based networks and software-defined networks to enhance network management and performance and enable interconnectivity. This technology migration has enhanced redundancy and resiliency but has introduced new vulnerabilities.

The report makes recommendations for consideration by Congress, such as providing or prioritize funding for critical infrastructure resiliency, including for public safety backup systems. The report also makes recommendations that Congress could address with directives to the Cybersecurity and Infrastructure Security Agency (CISA), the National Institute of Standards and Technology (NIST), and the Federal Communications Commission (FCC).

Access the report within the CRS’ digital collection at csrreports.congress.gov.

(Source: CRS)

DOJ releases Navigating Conflicts: A Guide for Campus Leaders and Public Safety Personnel

The 2023–2024 academic year was a challenging one for academic, administrative, and law enforcement leaders charged with keeping our college and university campuses safe. Demonstrations on campuses occurred at a level not seen in decades. Campus law enforcement and public safety personnel were tasked with protecting access to public spaces, separating protesters and counterprotesters to avert violence, or both.

The Department of Justice’s (DOJ’s) Community Relations Service (CRS) recently released Navigating Conflicts: A Guide for Campus Leaders and Public Safety Personnel. This Guide was developed by CRS, in collaboration with the Department’s Office of Community Oriented Policing Services (COPS Office) and The Ohio State University’s Divided Community Project.

The Guide is published not as an analysis of past conflict on campus or an assessment of leadership response but as a framework to help campus leaders and public safety professionals conceptualize conflict and inform decision-making when it does occur.

The publication includes:

• Explanations of the critical topics of awareness, communication, support, and coordination.
• A toolkit for rapid response to campus conflict.
• An interactive simulation, “Nexera University.”

The CRS and the Divided Community Project are available to college and university communities to provide assistance with any of these resources—including helping facilitate the interactive simulation in person, virtually, or in a hybrid format. Colleges and universities interested in receiving assistance may contact askCRS@usdoj.gov.

Learn more and access the Guide at Justice.gov.

(Source: DOJ)

Webinar: From Policy to Action - Putting Plans to Work Through Plan Implementation

The Federal Emergency Management Agency’s (FEMA’s) National Mitigation Planning Program is hosting a webinar in its “From Policy To Action” series, Putting Plans to Work through Plan Implementation on Thursday, Sept. 5 from 1 - 2:30 p.m. EDT.

The webinar is targeted to anyone involved in hazard mitigation. The webinar covers the benefits of plan implementation and the tools to get there. Participants will learn how to streamline and amplify planning efforts in ways that support the whole community.

The webinar will discuss how a state agency, a Tribal Nation, and a county are each implementing mitigation plans:

• The Ohio Emergency Management Agency shares how their portal is supporting plan and project information.
• Learn how the Oneida Nation took a proactive approach to risk reduction and coordinating with other partners.
• Hear how Dauphin County, Pennsylvania fostered a robust annual review process.

Past webinars in FEMA’s “From Policy to Action” series are available within FEMA’s Mitigation Planning YouTube Playlist. Learn more about Hazard Mitigation Planning at FEMA.gov.

Learn more and register for this webinar at Eventbrite.com.

(Source: FEMA)

Cyber Incident Assistance

MS-ISAC
SOC@cisecurity.org
1-866-787-4722

IdentityTheft.gov

IC3

Cybercrime Support Network

General Information

StopRansomware.gov

CISA's Known Exploited Vulnerabilities Catalog

FTC scam list

CISA alerts

Law Enforcement Cyber Center

TLP Information

CISA and partners release advisory on Iran-based cyber actors enabling ransomware attacks on US organizations

On Aug. 28, CISA—in partnership with the Federal Bureau of Investigation (FBI) and the Department of Defense Cyber Crime Center (DC3)—released Iran-based Cyber Actors Enabling Ransomware Attacks on U.S. Organizations. This joint advisory warns of cyber actors, known in the private sector as Pioneer Kitten, UNC757, Parisite, Rubidium, and Lemon Sandstorm, targeting and exploiting U.S. and foreign organizations across multiple sectors in the U.S.

FBI investigations conducted as recently as August 2024 assess that cyber actors like Pioneer Kitten are connected with the Government of Iran (GOI) and linked to an Iranian information technology (IT) company.

This advisory highlights similarities to a previous advisory, Iran-Based Threat Actor Exploits VPN Vulnerabilities published on Sept. 15, 2020, and provides known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs).

CISA and partners encourage critical infrastructure organizations to review and implement the mitigations provided in this joint advisory to reduce the likelihood and impact of ransomware incidents. For more information on Iranian state-sponsored threat actor activity, see CISA’s Iran Cyber Threat Overview and Advisories page.

(Source: CISA)

NSA: Protecting VSAT Communications

Commercial Very Small Aperture Terminal (VSAT) networks are increasingly used for remote communications in support of U.S. government missions. Due to the nature of VSAT network communication links and recent vulnerabilities discovered in VSAT terminals, network communications over these links are at risk of being exposed and may be targeted by adversaries for the sensitive information they contain or to compromise connected networks.

Most of these links are unencrypted, relying on frequency separation or predictable frequency hopping rather than encryption to separate communications. Public vulnerability research has found certain terminal equipment vulnerable to compromise and illicit firmware modification [1]. NSA recommends that VSAT networks enable any available transmission security (TRANSEC) protections, segment and encrypt network communications before transmitting across the VSAT links, and keep VSAT equipment and firmware up to date.

Read the full Cybersecurity Advisory from the National Security Agency (NSA)

(Source: NSA)

Full timeline shows how Columbus cyberattack played out

Since events unfolded on July 18, 10TV has learned that hundreds of thousands of private citizens’ information was leaked in the data breach as well as personal information from the Columbus Division of Fire and the Columbus Division of Police.

The city's department of technology “found evidence of an abnormality in its system on July 18.” As a result, the city severed internet connection to reduce the threat to the city's systems.

Nearly two weeks after Ginther unplugged the city from the internet, two officers with the Columbus Division of Police came forward on July 31 saying their bank accounts were hacked.

On Aug. 1, a hacker group came forward claiming responsibility for the attack and demanding nearly $2 million in ransom for the data.

Many Columbus police officers closed out their current banking accounts and asked the city to pay them by paper check instead of direct deposit to secure their new accounts.

10TV learned on Aug. 19 that a second city database was hacked, this included thousands of incident reports from the Columbus Division of Fire.

On Aug. 28, 10TV learned that additional sensitive police information that was leaked on the dark web in the data breach. Information from the Columbus police crime matrix is available, which includes witness, victim and suspect information from any police report in the last 10 years. It also details the names and details of undercover officers.

According to a fact sheet published by the city Tuesday, the data posted to the dark web by ransomware group Rhysida contained corrupted and encrypted information from city backup files.

(Source: 10TV WBNS – Columbus)

McLaren Health Care systems restored, experts warn of hospital cyberattacks

Operations are restored at McLaren Health Care after a cyber attack crippled systems at its 13 hospitals throughout Michigan, Indiana and Ohio this month.

In a press release, the health system did not say if employee and patient data had been stolen and held for ransom. An investigation continues into what is the second attack on McLaren in a year.

Since the health system was compromised on Aug. 5, McLaren said it’s had to manually input patient health records - which can slow down hospital operations.

The attack canceled cardiac tests and radiation treatments for cancer. Some ambulances were diverted from McLaren hospitals. Appointments had to be canceled because physicians couldn't access certain reports and lab test results.

(Source: Interlochen Public Radio)

The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.

Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.

Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.

Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.