View as a webpage / Share

Volume 24 — Issue 46 | November 14, 2024

Election security during the post-election period: Resources for emergency services

The polls closed for the U.S. general election on Tuesday, Nov. 5, but the post-election period continues through Inauguration Day on Monday, Jan. 20, 2025. First responders may have a role providing physical security, emergency medical services, or other emergency response at election-related incidents. It is important to have a coordination plan with law enforcement partners to achieve the mission of protecting lives and property.

The following resources can assist emergency services agencies with their situational awareness, planning, and coordination efforts during the post-election period.

Some threats to election security may originate from foreign actors. Having an awareness of the tactics foreign actors are likely to use may inform emergency response, planning, and preparedness efforts. The Office of the Director of National Intelligence (ODNI) recently released a declassified memorandum, Foreign Threats to US Elections After Voting Ends in 2024. This 7-page memorandum examines the threat of foreign election influence or interference in the U.S. general election from Election Day through Inauguration Day.

The International Association of Fire Chiefs (IAFC) recently highlighted several resources to assist fire and emergency medical services (EMS) departments, including:

• US Election: Violent Extremists Threat Environment Considerations for the Public Safety Community. This is a First Responder’s Toolbox from the National Counterterrorism Center’s Joint Counterterrorism Assessment Team (JCAT).
• Election Mail Handling Procedures to Protect Against Hazardous Materials. This guide from the Cybersecurity and Infrastructure Security Agency (CISA) provides an overview for election officials on preparing to respond to potential hazardous materials exposure from handling mail. It also provides best practices on how to protect against the three potentially lethal powders of greatest concern - fentanyl, anthrax, and ricin - in addition to more routine mail hazards.
• Response Considerations: Incidents Involving Crowds During the 2024 Presidential Election Period. This IAFC white paper provides a background on potential risks, operational considerations, and resources.

CISA’s Election Security resource library and its #Protect2024 campaign provide guidance documents and information on how to seek technical assistance to improve election security efforts in your community.

(Sources: IAFC, ODNI, JCAT, CISA)

Highlights

Election security during the post-election period: Resources for emergency services

2025 National Wildfire Mitigation Award nomination period open

Critical Infrastructure Security and Resilience Month, webinar Nov. 20

Webinar: Don’t Forget to Inform the Public - Why Messaging Matters

Cyber Threats

The U.S. Fire Administration operates the Emergency Management and Response – Information Sharing and Analysis Center (EMR-ISAC).

For information regarding the EMR-ISAC visit www.usfa.dhs.gov/emr-isac or contact the EMR-ISAC office at: (301) 447-1325 and/or fema-emr-isac@fema.dhs.gov.

2025 National Wildfire Mitigation Award nomination period open

The Wildfire Mitigation Awards (WMAs) are the highest national honor one can receive for outstanding work and significant program impact in wildfire preparedness and mitigation. The program was established in 2014 by the National Association of State Foresters (NASF), the IAFC, the National Fire Protection Association (NFPA), and the USDA Forest Service (USFS) in response to an overwhelming number of great wildfire mitigation program efforts happening across the United States.

The nomination period for the 2025 Wildfire Mitigation Awards is now open. Individuals, agencies (federal, state, or local), or organizations that have made outstanding contributions with significant program impact in mitigation of wildfire risk to communities are eligible. Nominations can be submitted within the following categories:

• The National Wildfire Mitigation Award recognizes the efforts of organizations and individuals who have implemented successful and sustainable wildfire mitigation projects in their communities.
• The National Wildfire Mitigation Hero Award recognizes an individual or organization whose community-wide mitigation project reduced damage and risk to a community when a wildfire impacted the community.
• The National Wildfire Mitigation Legacy Award is designed to recognize an individual’s outstanding contribution to the larger world of mitigation.

See the 2025 WMA criteria and guidelines for details on eligibility and the selection process.

Each year, the WMA awardees are honored in person at the annual Wildland-Urban Interface (WUI) Conference, hosted by the IAFC. The 2025 awardees will be honored at the 2025 WUI Conference in Kansas City, Missouri, which will take place March 27-29, 2025.

To learn more about how to nominate for this year’s WMAs and read about the wildfire mitigation projects of past awardees, visit the NASF’s Wildfire Mitigation Awards page. All nominations for the 2025 Wildfire Mitigation Awards must be submitted via this online form by Wednesday, Dec. 18, 2024.

(Source: NASF)

Critical Infrastructure Security and Resilience Month, webinar Nov. 20

On Nov. 7, CISA announced the kickoff of Critical Infrastructure Security and Resilience (CISR) Month.

CISR Month is CISA’s annual effort to educate and engage all levels of government, infrastructure owners and operators, and the American public about the vital role critical infrastructure plays in the nation’s security and why it is important to strengthen critical infrastructure resilience.

The enduring theme this year remains “Resolve to be Resilient.” Throughout November, CISA is highlighting how critical infrastructure organizations can integrate the following practices to help make our critical infrastructure secure, resilient, and able to bounce back quickly and build back stronger when disruptions occur:

• Know Your Infrastructure and Dependencies.
• Assess Your Risks.
• Make Actionable Plans.
• Measure Progress to Continuously Improve.

CISA has provided resources on its Critical Infrastructure Security and Resilience (CISR) Month webpage, which includes a toolkit and social media graphics.

The toolkit includes lists with quick actions that can be taken by various stakeholders. For example, state, local, tribal, and territorial governments can help make critical infrastructure more resilient by connecting public safety officials with private sector businesses, and by conducting or participating in a training or exercise to improve security and resilience.

The toolkit highlights CISA’s resources on the following topics:

• Active shooter preparedness.
• Bombing Prevention and C-IED.
• Chemical security.
• Federal facility security.
• Insider threat.
• School safety.
• Resilience planning and supply chain security.
• UAS security.
• Public gatherings and physical security.
• Self-assessments and exercises.

On Wednesday, Nov. 20 at 11:30 a.m. EDT, CISA will host a CISA Live! event, Making Progress on Critical Infrastructure Security and Resilience. CISA’s Executive Assistant Director for Infrastructure Security will share key areas of progress, highlighting CISA’s recent initiatives and valuable resources designed to help all Americans “Resolve to be Resilient.” Participants will have an opportunity to engage in a live Q&A.

Visit CISA’s Critical Infrastructure Security and Resilience (CISR) Month webpage to learn more. Join the Nov. 20 CISA Live! on LinkedIn. Access this event and all past CISA Live! event recordings at https://www.cisa.gov/cisa-live. You can also follow CISA on social media to join the #BeResilient conversation.

(Source: CISA)

Webinar: Don’t Forget to Inform the Public - Why Messaging Matters

The Homeland Defense & Security Information Analysis Center (HDIAC) will host a webinar on Wednesday, Nov. 20 at 12 p.m. EDT, Don’t Forget to Inform the Public: Why Messaging Matters.

Throughout the course of various crises, communication from government agencies and key stakeholders is critical. Unfortunately, this communication has been upended many times in a variety of ways. To alleviate public fear, some organizations have fallen into the trap of downplaying the seriousness of a catastrophic event.  In other cases, information posted on social media has been usurped by others and twisted into conspiracy theories or misinformation.

This webinar will explore some historical successes and failures of public communications. A theme will emerge in which targeted communications and partnerships with organizations and individuals, heretofore ignored as a legitimate podium for public information dissemination, are critical in achieving information goals.

Key takeaways will include the following:

• The importance of messaging for managing crises.
• Maintaining public trust through messaging.
• Examples of targeted campaigns with successful results.
• Engaging with social media influencers.
• Enhancing training for public information officers.

HDIAC is a component of the U.S. Department of Defense’s (DoD's) Information Analysis Center (IAC) enterprise, serving the defense enterprise of DoD and federal government users and their supporting academia and industry partners. HDIAC regularly hosts live online technical presentations featuring a DoD research and engineering topic within one of HDIAC’s technical focus areas. These include many homeland defense topics relevant to the emergency services sector, such as medical and CBRNE defense, critical infrastructure protection, counterterrorism, environmental security, aviation security, law enforcement, building and facilities security, border security, disaster/emergency response and recovery, and cybersecurity/information management.

This webinar is open to the public. Learn more and register at HDIAC.DTIC.MIL.

(Source: HDIAC)

Cyber Incident Assistance

MS-ISAC
SOC@cisecurity.org
1-866-787-4722

IdentityTheft.gov

IC3

Cybercrime Support Network

General Information

StopRansomware.gov

CISA's Known Exploited Vulnerabilities Catalog

FTC scam list

CISA alerts

Law Enforcement Cyber Center

TLP Information

Joint statement from FBI and CISA on the People's Republic of China (PRC) targeting of commercial telecommunications infrastructure

The U.S. government's continued investigation into the People's Republic of China (PRC) targeting of commercial telecommunications infrastructure has revealed a broad and significant cyber espionage campaign.

PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders.

Read the full Nov. 13 statement at CISA.gov.

(Source: CISA)

Zero-days from top security vendors were most exploited CVEs in 2023

Zero-days comprised the majority of the most routinely exploited vulnerabilities last year, an increase from 2022 which allowed cybercriminals to attack higher-priority targets, Five Eyes cyber officials said in a Tuesday advisory.

The top five vulnerabilities exploited by attackers in 2023 were found in three vendors (Citrix, Cisco, and Fortinet) across networking devices, remote access servers and firewalls.

Last year, the two pairs of CVEs in Citrix and Cisco products, respectively, comprised the four most-exploited vulnerabilities of the year.

(Sources: Cybersecurity Dive, CISA, NSA, FBI)

House Homeland releases “Cyber Threat Snapshot” highlighting rising threats to US networks, critical infrastructure

On Nov. 12, the House Committee on Homeland Security has released a new Cyber Threat Snapshot examining growing threats posed by malign nation-states and criminal networks to the homeland and the data of Americans.

Unfortunately, cyberattacks on critical infrastructure increased 30 percent globally last year.

To undermine U.S. sovereignty, Iranian hackers used spear-phishing to target campaign networks and government officials; China allegedly backed hacking group Salt Typhoon to infiltrate candidates’ phones; and Russia used a botnet to target social media feeds in an effort to spread their malign influence.

From Iran-backed intrusions into our water sector and the targeting of satellites to the Chinese Communist Party-affiliated ‘Typhoon’ intrusions into numerous facets of our critical infrastructure, nation-states see the dangerous value in disrupting, manipulating, or surveilling the operational and information technology that supports the daily lives of Americans.

Cyber insecurity also impacts the health and wellness of Americans, as cybercriminals increasingly target hospitals and other healthcare entities for ransom. The intrusions into the Ascension Health hospital system and Change Healthcare, a UnitedHealth subsidiary, showcase the damage that can be done to patient care and privacy when the IT that is foundational to emergency response is undermined by cyber criminals.

Read the full Nov. 12 release and Snapshot at Homeland.House.Gov.

(Source: U.S. House of Representatives, Homeland Security Committee)

NIST Invites comments on Enhanced Security Requirements for Protecting Controlled Unclassified Information

The initial public draft (ipd) of the National Institute of Standards and Technology’s (NIST’s) Special Publication (SP) 800-172r3 (Revision 3), Enhanced Security Requirements for Protecting Controlled Unclassified Information (CUI), is available for comment.

SP 800-172r3 provides recommended security requirements to protect the confidentiality, integrity, and availability of CUI when it is resident in a nonfederal system and organization and is associated with a high value asset or critical program. The enhanced security requirements give organizations the capability to achieve a multidimensional, defense-in-depth protection strategy against advanced persistent threats (APTs) and help to ensure the resiliency of systems and organizations.

The enhanced security requirements in SP 800-172r3 supplement the security requirements in SP 800-171r3 and are intended for use by federal agencies in contractual vehicles or other agreements between those agencies and nonfederal organizations.

The public comment period is open through January 10, 2025.

(Source: NIST)

Center for Internet Security: The Scariest Malware of 2024

In episode 109 of the Center for Internet Security’s (CIS’) podcast, Cybersecurity Where You Are, CIS’ Vice President of Security Operations & Intelligence and Director of Intelligence & Incident Response examine the scariest malware of 2024. It discusses what makes certain malware strains “scarier” than others, what trends shaped the cyber threat landscape in 2024, and how malware tactics and techniques from 2024 will continue to evolve.

The podcast shares recommendations for how organizations can keep up with the changing cyber threat landscape, including how individuals and organizations can proactively defend themselves and how national strategies are shaping malware defense and incident response.

(Source: CIS)

State and local security adjusting to shifting cyber threats, insurance requirements

Although security has always been taken seriously, many governments didn’t consider going as far as taking out cybersecurity insurance because they didn’t feel they were lucrative enough targets to attract the persistent attention of cyber threat actors. But any added sense of security from being perceived as relatively inconsequential targets is quickly eroding. The attacks this summer on the City of Columbus, Ohio, and the New Mexico public defender’s office were notable on their own, but they also continued a trend.

Cyberattacks on state and local governments have become both more frequent and more profitable for threat actors. The average cost of a ransomware attack on state and local governments so far this year is $2.83 million, more than double the $1.21 million average in 2023, according to Sophos’ State of Ransomware in State and Local Government 2024 report.

In addition to becoming more expensive, cyber insurance is also harder to get. Insurance providers increasingly demand that organizations meet a minimum set of security standards to qualify for coverage. State and local governments must adopt a proactive approach to cybersecurity, both to mitigate increasingly active threats and to improve their eligibility for cyber insurance coverage.

(Source: Route Fifty)

UN Security Council meeting discusses impact of ransomware attacks on hospitals

A United Nations Security Council meeting the week of Nov. 4 discussed ransomware and the severe impacts that cyberattacks can have on hospitals and health systems. During the meeting, the president of Ascension Healthcare, shared insights from a cyberattack in May that disrupted operations across the health system's 120 hospitals.

"As we have been loudly advocating for years, these cross-border ransomware attacks are conducted by ransomware gangs who enjoy safe harbor provided primarily by Russia, China, North Korea and Iran. It is an international threat that can only be solved through international cooperation and a will from aligned nations to effectively increase risk and consequences for those who commit and support these despicable acts," said the American Hospital Association’s (AHA’s) national advisor for cybersecurity and risk.

(Source: AHA)

Local cybersecurity expert weighs in on City of Sheboygan ransom attack

The City of Sheboygan, Wisconsin, is investigating a cyberattack on its network and a ransom message.

There was a potential network issue a week and a half ago. There was an external, unauthorized access to the network. The network has since been secured, and a forensic review is underway. Now, it’s a matter of figuring out “Who got in, how long have they been there, what have they done and what do they want to do?” according to cybersecurity expert Brian Collins.

The mayor’s office released a statement: “Public safety services are responding to all emergent and nonemergent requests for service with limited interruptions. The phone system and radio network are fully functional. This issue is not affecting safety in any way. City of Sheboygan employees with internet access can communicate with each other online as all cloud-based services are up and working.”

(Source: WTMJ-TV Milwaukee)

The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.

Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.

Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.

Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.