CDC seeks to Improve Food Safety in Jails and Prisons; Maui Police Release Preliminary report on Lahaina Wildfire
Feb 15
The Info Gram - Emergency Management and Response - Information Sharing and Analysis Center (EMR-ISAC)
CDC survey seeks input from correctional staff to improve food safety in jails and prisons
The Centers for Disease Control and Prevention (CDC) has noted that jails and prisons in the United States are experiencing large foodborne outbreaks. These outbreaks affect both incarcerated populations and the workers at these facilities. This can strain correctional staff and local health systems. The CDC is looking to work with correctional and public health partners to improve food safety in correctional settings.
The CDC has developed an anonymous survey to collect information on correctional worker opinions and practices related to food safety in correctional settings. The survey results will help create food safety guidance tailored to the unique needs of jails and prisons and food safety training opportunities for correctional staff.
This survey is open to all federal, state, local, and tribal correctional facility employees, not just those assigned to work in food preparation. The survey is not open to incarcerated workers. The survey is anonymous; information that can be tied to an individual or facility will not be collected.
The CDC estimates that the survey will take less than 30 minutes to complete.
The CDC has provided the following downloadable materials to distribute the survey information:
A one-page letter from the CDC’s Division of Foodborne, Waterborne, and Environmental Diseases with more information, instructions, and a link to the survey.
A QR code that can be scanned by a mobile device to link the participant directly to the survey.
If you work in a correctional facility in the United States, please share these materials with correctional workers within your organization and encourage their participation. These documents can be shared electronically or posted on a wall or message board at your correctional facility. If you work closely with a correctional facility as an allied professional in public safety or public health, please feel free to share this information with any correctional workers or facilities you work with.
The CDC requests that the survey be completed before Saturday, March 30, 2024. Access the survey at the following link:
https://redcap.link/naxi8y9o
(Source: CDC)
Highlights
CDC survey seeks input from correctional staff to improve food safety in jails and prisons
Maui police release preliminary after action report on 2023 Lahaina wildfire
FEMA hosts tabletop exercises on emergency alerts for winter weather emergencies
FSRI launches first online course in updated Fire Safety Academy, Prerequisites for Live Fire Training Participants
Cyber Threats
US Fire Administration
The U.S. Fire Administration operates the Emergency Management and Response – Information Sharing and Analysis Center (EMR-ISAC).
For information regarding the EMR-ISAC visit www.usfa.dhs.gov/emr-isac or contact the EMR-ISAC office at: (301) 447-1325 and/or fema-emr-isac@fema.dhs.gov.
subscribe here
Maui police release preliminary after action report on 2023 Lahaina wildfire
On Aug. 8, 2023, Pacific hurricane winds intensified fire behavior in a series of wildfires that occurred on the island of Maui in Hawaii. The wind-driven wildfires destroyed more than 2,200 structures and caused about $5.5 billion in damage. The most significantly impacted area was the historic district of Lahaina, where more than 100 lives were lost. The August 2023 Maui wildfires now rank as the fifth deadliest in U.S. history and the worst natural disaster in Hawaii’s history.
On Monday, the Maui Police Department (MPD) released a preliminary after action report focused on the police response to the Maui wildfires, primarily in Lahaina. The MPD shared the report’s findings at a Feb. 5 news conference.
Several investigations into the Maui wildfires are still ongoing, and this preliminary report is the first analysis to be released by any of the island's emergency response agencies. The MPD’s examination deals exclusively with the Maui police response. It does not address the cause and origin of the fires or the response by fire crews.
During the wildfire, the MPD played a supporting role to the fire response, assisting with evacuations, communications and rescue efforts.
The preliminary report makes 32 recommendations to improve Maui’s police response to future natural disaster response efforts. Some recommendations call for better equipment and updates to technology. For example, two recommendations were to provide officers with better earpieces to use when high winds make it hard to hear police radios and to equip all patrol cars with breaching kits to remove downed trees or utility poles from roadways.
Other recommendations focus on improving communications between emergency personnel and officers themselves, such as stationing a high-ranking officer — a lieutenant or higher — in the communications center to help relay information to police commanders. The report also suggested giving officers in the field more briefings during recovery efforts.
The final MPD report will be released within the next 6 to 12 months. In the meanwhile, the preliminary report will be shared with other law enforcement agencies across the nation for their input and so they can also benefit from the recommendations.
A separate, ongoing investigation is looking into how Maui County and state agencies coordinated emergency alerts, evacuations, firefighting, communications and other details of the response to the fires. Hawaii’s State Attorney General contracted with Underwriters Laboratories’ Fire Safety Research Institute (FSRI) to conduct this independent investigation. According to a recent statement by Hawaii’s Attorney General, phase 1 of FSRI’s investigation is expected to be completed in March 2024. It will include facts of the county and state response and a timeline of the wildfire from Aug. 8-11, 2023.
The investigation into the cause and origin of the wildfires on the island of Maui on Aug. 8 will be completed by Maui County fire officials and other local partners, with assistance from federal investigators with the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF). No timetable for completion of this investigation has been set.
(Sources: MPD, Hawaii News Now, FSRI, ATF, Associated Press, FireRescue1, ABC News)
FEMA hosts tabletop exercises on emergency alerts in February
The Integrated Public Alert and Warning System (IPAWS) is the Federal Emergency Management Agency’s (FEMA’s) national system for local alerting that lets state, local and Tribal Nation authorities send authenticated emergency and life-saving information to the public through mobile phones using Wireless Emergency Alerts, to radio and television via the Emergency Alert System, and on the National Oceanic and Atmospheric Administration's Weather Radio.
To support its emergency alerting partners, FEMA’s IPAWS Technical Support Services Facility (TSSF) conducts exercises on a quarterly basis. These exercises allow Alert Originators to practice, review and exercise their alert, warning, and notification capabilities.
FEMA’s IPAWS Office is offering three tabletop exercise events in February which will allow Alert Originators to practice alert, warning and notification capabilities for winter weather emergencies. This will be a scenario-based exercise with facilitated group discussions to promote peer-to-peer learning. There will be two virtual events and one in-person event, all offering the same training:
Virtual Tabletop Exercise: Tuesday, Feb. 27, 11 a.m.–1 p.m. EST. Register for this event on Zoom.
Virtual Tabletop Exercise: Wednesday, Feb. 28, 1 p.m.–3 p.m. EST. Register for this event on Zoom.
In-Person Tabletop Exercise: Thursday, Feb. 29, 11 a.m.–1 p.m. EST. This event will be held at the National Harbor in Maryland. Seating is limited. To register, please email the IPAWS TSSF training and exercise staff at fema-ipaws-training-exercises@fema.dhs.gov, stating your request to participate, a primary point of contact for your organization, agency name and the number of expected participants.
Watch this short video from FEMA to learn more about IPAWS Tabletop Exercises. Read FEMA’s IPAWS Guidance Fact Sheet to learn how FEMA encourages and supports the incorporation of IPAWS and Alerting Authorities into in emergency management drills, workshops, and exercises.
For general IPAWS questions, please email fema-ipaws-lab@fema.dhs.gov.
(Source: FEMA)
FSRI launches first online course in updated Fire Safety Academy, Prerequisites for Live Fire Training Participants
Fire Safety Research Institute (FSRI), part of UL Research Institutes, just announced the release of the new Prerequisites for Live Fire Training Participants online course. Based on section 4.3.2 of the standard NFPA 1403, this course focuses on the foundational knowledge firefighters need before donning their gear and taking action on the training ground.
After taking this course, firefighters will be able to apply foundational knowledge of fire dynamics, fire behavior and development, firefighting tactics, and firefighter health and safety. This understanding will help them get the most out of their training and make safe and effective decisions on the fireground.
FSRI announced at the end of last month that it launched a major update to its Fire Safety Academy (FSA), the online learning platform that provides firefighters with free access to science-based training. “FSA 2.0” now features seamless integration with other learning platforms, integration of National Fire Protection Association (NFPA) standards, custom learning pathways, blended learning options, shorter and more modular lessons, robust training officer tools, and more.
As the first course launched in the updated Fire Safety Academy, “Prerequisites for Live Fire Training Participants” takes advantage of the new cutting-edge features tailored to training officers. The course is broken down into bite-size lessons that instructors can deliver individually to reinforce a key concept or teach as part of a customized learning pathway. In addition, all lesson videos are downloadable. Instructors can easily integrate the videos into their existing curriculum, facilitating in-person training sessions for groups of students.
To learn more about the course, see FSRI’s press release and short video overview of the course. Access the course at the Fire Safety Academy.
(Source: FSRI)
cyber threats
Cyber Incident Assistance
MS-ISAC
SOC@cisecurity.org
1-866-787-4722
IdentityTheft.gov
IC3
Cybercrime Support Network
General Information
StopRansomware.gov
CISA's Known Exploited Vulnerabilities Catalog
FTC scam list
CISA alerts
Law Enforcement Cyber Center
TLP Information
CISA hosts second Cyber Resilient 911 Symposium
The Cybersecurity and Infrastructure Security Agency’s (CISA’s) Emergency Communications Division (ECD) led the Cyber Resilient 911 (CR911) Program’s second regional symposium in the Southeast, which included CISA regions 4 and 6 as well as Delaware, Puerto Rico, West Virginia, and the U.S. Virgin Islands.
Attendees included 911 administrators, representatives from local centers and IT/cyber communities, and Statewide Interoperability Coordinators (SWICs) from each state and territory. CISA's collaboration history with SWICs is crucial for enhancing nationwide interoperability and strengthening stakeholder relationships, especially in emergency communication systems like 911.
At the symposium, speakers and panelists presented an overview of the current cyber threat landscape and shared resources to help enhance the cybersecurity posture of Emergency Communication Centers (ECCs). Symposium topics included the current state of cyber resilience in the 911 ecosystem, best practices for responding to a cyberattack and the available program resources for each region.
CISA will continue its efforts to reach 911 stakeholders in Spring 2024 and plans to host two additional symposiums in the Western and Central regions. CISA will use the findings from each symposium to help determine how to better serve the 911 community’s cybersecurity needs.
(Source: CISA)
CISA and partners release advisory on PRC-sponsored Volt Typhoon activity and supplemental living off the land guidance
On Feb. 7, CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure alongside supplemental Joint Guidance: Identifying and Mitigating Living off the Land Techniques.
Volt Typhoon actors are seeking to pre-position themselves—using living off the land (LOTL) techniques—on IT networks for disruptive or destructive cyber activity against U.S. critical infrastructure in the event of a major crisis or conflict with the United States. The advisory provides actionable information from U.S. incident response activity that can help all organizations.
To supplement the advisory, the Joint Guidance provides threat detection information and mitigations applicable to LOTL activity, regardless of threat actor. Additionally, CISA has published Secure by Design Alert: Security Design Improvements for SOHO Device Manufacturers, which provides technology manufactures guidance on protecting their products from Volt Typhoon compromises.
(Source: CISA)
HC3 Analyst Note: Akira Ransomware
Akira ransomware is a relatively new ransomware gang that has demonstrated aggressive and capable targeting of the U.S. health sector in its short lifespan.
Akira ransomware was first identified in May of 2023, and in less than a year, it has claimed at least 81 victims. It should not be confused with another ransomware variant known as Akira, which was briefly observed in 2017 but is believed to be unrelated to the most recent and active variant, which is the subject of this paper. There is research suggesting that Akira has connections to the now-defunct Conti ransomware gang.
The technical details of this include similarities in their exploitation approach, the selection of certain types of files and directories for targeting, their choice of application for encryption algorithms, their use of ransom payment addresses, and the incorporation of comparable functions.
U.S. healthcare organizations are advised to follow the steps in this alert to minimize their risk of attack.
Read the full Analyst Note from the Department of Health and Human Services (HHS), Health Sector Cybersecurity Coordination Center (HC3).
(Source: HHS HC3)
Beware of romance/confidence scams ahead of Valentine’s Day
Romance scams occur when a criminal adopts a fake online identity to gain a victim’s affection and trust. The scammer then uses the illusion of a romantic or close relationship to manipulate and/or steal from the victim. The criminals who carry out romance scams are experts at what they do and will seem genuine, caring, and believable. Con artists are present on most dating and social media sites.
The FBI provides tips for avoiding romance scams along with video interviews with victims and special agents on its Romance Scams page.
If someone you meet online needs your bank account information to deposit money, they are most likely using your account to carry out other theft and fraud schemes. If you suspect an online relationship is a scam, stop all contact immediately. If you are the victim of a romance scam, file a complaint with the FBI’s Internet Crime Complaint Center (IC3).
(Source: FBI)
Boosting .gov adoption: Can a new, quicker process help?
A “record-breaking” number of government agencies applied for an official .gov domain in the first week of February following the launch of a new, fully digital application process according to the Cybersecurity and Infrastructure Security Agency.
The top-level .gov domain marks an official online presence — one reserved for government agencies to help the public identify official, trusted information. In 2021, management of the registry switched from the General Services Administration to CISA, and domains became free.
In the early days of the program, only federal government organizations could secure a .gov domain. Now, CISA has multiple adoption goals; one is to get all of the top 100 populated cities on a .gov domain. CISA is also working to get more counties on a .gov domain. Migrating to a .gov domain is a key requirement for the State and Local Cybersecurity Grant Program.
The updated registrar launch is a makeover of the old .gov application process and its tribulations. After pausing domain requests at the end of 2023, CISA reopened to applications on Jan. 31 with a new look and features. The fully digital process is estimated to take about 15 minutes and is just one element to the newly launched get.gov interface that’s been in the works since 2022.
(Source: Government Technology)
Cyberattack paralyzes EMT dispatch in Quebec
On January 24, 2024, a cyberattack took out Quebec City’s EMT dispatch services. The latter also covers Saguenay-Lac-Saint-Jean and Côte-Nord, two other administrative regions in Quebec. The incident sharply disrupted ambulance coms and GPS, which hindered the work of 911 dispatch.
“A hacker broke down the computer system and is demanding a ransom; the system has been paralyzed for 24 hours now,” stated the chairman of the paramedical workers’ association, Frédéric Maheux, on January 25.
Dispatchers had to use their own mobile phones and radio communications to stay in touch with EMTs. Suddenly, without the prior triage enabled by the digital dispatching system, all requests were equal priority.
Quebec city hall categorically refused to pay the ransom demanded by the cybercriminal. In order to avoid putting their patients’ health at risk, the city requisitioned all ambulances and available EMTs, and gave their employees overtime. Dispatchers managed to process all requests as if they were top priority.
(Source: inCyber)
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.
Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.
Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.
Update your subscriptions, modify your password or e-mail address, or stop subscriptions at any time on your Subscriber Preferences Page. You will need to use your e-mail address to log in. If you have questions or problems with the subscription service, please contact subscriberhelp.govdelivery.com.
Privacy Policy | GovDelivery is providing this information on behalf of U.S. Department of Homeland Security, and may not use the information for any other purposes.
CDC survey seeks input from correctional staff to improve food safety in jails and prisons
The Centers for Disease Control and Prevention (CDC) has noted that jails and prisons in the United States are experiencing large foodborne outbreaks. These outbreaks affect both incarcerated populations and the workers at these facilities. This can strain correctional staff and local health systems. The CDC is looking to work with correctional and public health partners to improve food safety in correctional settings.
The CDC has developed an anonymous survey to collect information on correctional worker opinions and practices related to food safety in correctional settings. The survey results will help create food safety guidance tailored to the unique needs of jails and prisons and food safety training opportunities for correctional staff.
This survey is open to all federal, state, local, and tribal correctional facility employees, not just those assigned to work in food preparation. The survey is not open to incarcerated workers. The survey is anonymous; information that can be tied to an individual or facility will not be collected.
The CDC estimates that the survey will take less than 30 minutes to complete.
The CDC has provided the following downloadable materials to distribute the survey information:
A one-page letter from the CDC’s Division of Foodborne, Waterborne, and Environmental Diseases with more information, instructions, and a link to the survey.
A QR code that can be scanned by a mobile device to link the participant directly to the survey.
If you work in a correctional facility in the United States, please share these materials with correctional workers within your organization and encourage their participation. These documents can be shared electronically or posted on a wall or message board at your correctional facility. If you work closely with a correctional facility as an allied professional in public safety or public health, please feel free to share this information with any correctional workers or facilities you work with.
The CDC requests that the survey be completed before Saturday, March 30, 2024. Access the survey at the following link:
https://redcap.link/naxi8y9o
(Source: CDC)
Highlights
CDC survey seeks input from correctional staff to improve food safety in jails and prisons
Maui police release preliminary after action report on 2023 Lahaina wildfire
FEMA hosts tabletop exercises on emergency alerts for winter weather emergencies
FSRI launches first online course in updated Fire Safety Academy, Prerequisites for Live Fire Training Participants
Cyber Threats
US Fire Administration
The U.S. Fire Administration operates the Emergency Management and Response – Information Sharing and Analysis Center (EMR-ISAC).
For information regarding the EMR-ISAC visit www.usfa.dhs.gov/emr-isac or contact the EMR-ISAC office at: (301) 447-1325 and/or fema-emr-isac@fema.dhs.gov.
subscribe here
Maui police release preliminary after action report on 2023 Lahaina wildfire
On Aug. 8, 2023, Pacific hurricane winds intensified fire behavior in a series of wildfires that occurred on the island of Maui in Hawaii. The wind-driven wildfires destroyed more than 2,200 structures and caused about $5.5 billion in damage. The most significantly impacted area was the historic district of Lahaina, where more than 100 lives were lost. The August 2023 Maui wildfires now rank as the fifth deadliest in U.S. history and the worst natural disaster in Hawaii’s history.
On Monday, the Maui Police Department (MPD) released a preliminary after action report focused on the police response to the Maui wildfires, primarily in Lahaina. The MPD shared the report’s findings at a Feb. 5 news conference.
Several investigations into the Maui wildfires are still ongoing, and this preliminary report is the first analysis to be released by any of the island's emergency response agencies. The MPD’s examination deals exclusively with the Maui police response. It does not address the cause and origin of the fires or the response by fire crews.
During the wildfire, the MPD played a supporting role to the fire response, assisting with evacuations, communications and rescue efforts.
The preliminary report makes 32 recommendations to improve Maui’s police response to future natural disaster response efforts. Some recommendations call for better equipment and updates to technology. For example, two recommendations were to provide officers with better earpieces to use when high winds make it hard to hear police radios and to equip all patrol cars with breaching kits to remove downed trees or utility poles from roadways.
Other recommendations focus on improving communications between emergency personnel and officers themselves, such as stationing a high-ranking officer — a lieutenant or higher — in the communications center to help relay information to police commanders. The report also suggested giving officers in the field more briefings during recovery efforts.
The final MPD report will be released within the next 6 to 12 months. In the meanwhile, the preliminary report will be shared with other law enforcement agencies across the nation for their input and so they can also benefit from the recommendations.
A separate, ongoing investigation is looking into how Maui County and state agencies coordinated emergency alerts, evacuations, firefighting, communications and other details of the response to the fires. Hawaii’s State Attorney General contracted with Underwriters Laboratories’ Fire Safety Research Institute (FSRI) to conduct this independent investigation. According to a recent statement by Hawaii’s Attorney General, phase 1 of FSRI’s investigation is expected to be completed in March 2024. It will include facts of the county and state response and a timeline of the wildfire from Aug. 8-11, 2023.
The investigation into the cause and origin of the wildfires on the island of Maui on Aug. 8 will be completed by Maui County fire officials and other local partners, with assistance from federal investigators with the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF). No timetable for completion of this investigation has been set.
(Sources: MPD, Hawaii News Now, FSRI, ATF, Associated Press, FireRescue1, ABC News)
FEMA hosts tabletop exercises on emergency alerts in February
The Integrated Public Alert and Warning System (IPAWS) is the Federal Emergency Management Agency’s (FEMA’s) national system for local alerting that lets state, local and Tribal Nation authorities send authenticated emergency and life-saving information to the public through mobile phones using Wireless Emergency Alerts, to radio and television via the Emergency Alert System, and on the National Oceanic and Atmospheric Administration's Weather Radio.
To support its emergency alerting partners, FEMA’s IPAWS Technical Support Services Facility (TSSF) conducts exercises on a quarterly basis. These exercises allow Alert Originators to practice, review and exercise their alert, warning, and notification capabilities.
FEMA’s IPAWS Office is offering three tabletop exercise events in February which will allow Alert Originators to practice alert, warning and notification capabilities for winter weather emergencies. This will be a scenario-based exercise with facilitated group discussions to promote peer-to-peer learning. There will be two virtual events and one in-person event, all offering the same training:
Virtual Tabletop Exercise: Tuesday, Feb. 27, 11 a.m.–1 p.m. EST. Register for this event on Zoom.
Virtual Tabletop Exercise: Wednesday, Feb. 28, 1 p.m.–3 p.m. EST. Register for this event on Zoom.
In-Person Tabletop Exercise: Thursday, Feb. 29, 11 a.m.–1 p.m. EST. This event will be held at the National Harbor in Maryland. Seating is limited. To register, please email the IPAWS TSSF training and exercise staff at fema-ipaws-training-exercises@fema.dhs.gov, stating your request to participate, a primary point of contact for your organization, agency name and the number of expected participants.
Watch this short video from FEMA to learn more about IPAWS Tabletop Exercises. Read FEMA’s IPAWS Guidance Fact Sheet to learn how FEMA encourages and supports the incorporation of IPAWS and Alerting Authorities into in emergency management drills, workshops, and exercises.
For general IPAWS questions, please email fema-ipaws-lab@fema.dhs.gov.
(Source: FEMA)
FSRI launches first online course in updated Fire Safety Academy, Prerequisites for Live Fire Training Participants
Fire Safety Research Institute (FSRI), part of UL Research Institutes, just announced the release of the new Prerequisites for Live Fire Training Participants online course. Based on section 4.3.2 of the standard NFPA 1403, this course focuses on the foundational knowledge firefighters need before donning their gear and taking action on the training ground.
After taking this course, firefighters will be able to apply foundational knowledge of fire dynamics, fire behavior and development, firefighting tactics, and firefighter health and safety. This understanding will help them get the most out of their training and make safe and effective decisions on the fireground.
FSRI announced at the end of last month that it launched a major update to its Fire Safety Academy (FSA), the online learning platform that provides firefighters with free access to science-based training. “FSA 2.0” now features seamless integration with other learning platforms, integration of National Fire Protection Association (NFPA) standards, custom learning pathways, blended learning options, shorter and more modular lessons, robust training officer tools, and more.
As the first course launched in the updated Fire Safety Academy, “Prerequisites for Live Fire Training Participants” takes advantage of the new cutting-edge features tailored to training officers. The course is broken down into bite-size lessons that instructors can deliver individually to reinforce a key concept or teach as part of a customized learning pathway. In addition, all lesson videos are downloadable. Instructors can easily integrate the videos into their existing curriculum, facilitating in-person training sessions for groups of students.
To learn more about the course, see FSRI’s press release and short video overview of the course. Access the course at the Fire Safety Academy.
(Source: FSRI)
cyber threats
Cyber Incident Assistance
MS-ISAC
SOC@cisecurity.org
1-866-787-4722
IdentityTheft.gov
IC3
Cybercrime Support Network
General Information
StopRansomware.gov
CISA's Known Exploited Vulnerabilities Catalog
FTC scam list
CISA alerts
Law Enforcement Cyber Center
TLP Information
CISA hosts second Cyber Resilient 911 Symposium
The Cybersecurity and Infrastructure Security Agency’s (CISA’s) Emergency Communications Division (ECD) led the Cyber Resilient 911 (CR911) Program’s second regional symposium in the Southeast, which included CISA regions 4 and 6 as well as Delaware, Puerto Rico, West Virginia, and the U.S. Virgin Islands.
Attendees included 911 administrators, representatives from local centers and IT/cyber communities, and Statewide Interoperability Coordinators (SWICs) from each state and territory. CISA's collaboration history with SWICs is crucial for enhancing nationwide interoperability and strengthening stakeholder relationships, especially in emergency communication systems like 911.
At the symposium, speakers and panelists presented an overview of the current cyber threat landscape and shared resources to help enhance the cybersecurity posture of Emergency Communication Centers (ECCs). Symposium topics included the current state of cyber resilience in the 911 ecosystem, best practices for responding to a cyberattack and the available program resources for each region.
CISA will continue its efforts to reach 911 stakeholders in Spring 2024 and plans to host two additional symposiums in the Western and Central regions. CISA will use the findings from each symposium to help determine how to better serve the 911 community’s cybersecurity needs.
(Source: CISA)
CISA and partners release advisory on PRC-sponsored Volt Typhoon activity and supplemental living off the land guidance
On Feb. 7, CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure alongside supplemental Joint Guidance: Identifying and Mitigating Living off the Land Techniques.
Volt Typhoon actors are seeking to pre-position themselves—using living off the land (LOTL) techniques—on IT networks for disruptive or destructive cyber activity against U.S. critical infrastructure in the event of a major crisis or conflict with the United States. The advisory provides actionable information from U.S. incident response activity that can help all organizations.
To supplement the advisory, the Joint Guidance provides threat detection information and mitigations applicable to LOTL activity, regardless of threat actor. Additionally, CISA has published Secure by Design Alert: Security Design Improvements for SOHO Device Manufacturers, which provides technology manufactures guidance on protecting their products from Volt Typhoon compromises.
(Source: CISA)
HC3 Analyst Note: Akira Ransomware
Akira ransomware is a relatively new ransomware gang that has demonstrated aggressive and capable targeting of the U.S. health sector in its short lifespan.
Akira ransomware was first identified in May of 2023, and in less than a year, it has claimed at least 81 victims. It should not be confused with another ransomware variant known as Akira, which was briefly observed in 2017 but is believed to be unrelated to the most recent and active variant, which is the subject of this paper. There is research suggesting that Akira has connections to the now-defunct Conti ransomware gang.
The technical details of this include similarities in their exploitation approach, the selection of certain types of files and directories for targeting, their choice of application for encryption algorithms, their use of ransom payment addresses, and the incorporation of comparable functions.
U.S. healthcare organizations are advised to follow the steps in this alert to minimize their risk of attack.
Read the full Analyst Note from the Department of Health and Human Services (HHS), Health Sector Cybersecurity Coordination Center (HC3).
(Source: HHS HC3)
Beware of romance/confidence scams ahead of Valentine’s Day
Romance scams occur when a criminal adopts a fake online identity to gain a victim’s affection and trust. The scammer then uses the illusion of a romantic or close relationship to manipulate and/or steal from the victim. The criminals who carry out romance scams are experts at what they do and will seem genuine, caring, and believable. Con artists are present on most dating and social media sites.
The FBI provides tips for avoiding romance scams along with video interviews with victims and special agents on its Romance Scams page.
If someone you meet online needs your bank account information to deposit money, they are most likely using your account to carry out other theft and fraud schemes. If you suspect an online relationship is a scam, stop all contact immediately. If you are the victim of a romance scam, file a complaint with the FBI’s Internet Crime Complaint Center (IC3).
(Source: FBI)
Boosting .gov adoption: Can a new, quicker process help?
A “record-breaking” number of government agencies applied for an official .gov domain in the first week of February following the launch of a new, fully digital application process according to the Cybersecurity and Infrastructure Security Agency.
The top-level .gov domain marks an official online presence — one reserved for government agencies to help the public identify official, trusted information. In 2021, management of the registry switched from the General Services Administration to CISA, and domains became free.
In the early days of the program, only federal government organizations could secure a .gov domain. Now, CISA has multiple adoption goals; one is to get all of the top 100 populated cities on a .gov domain. CISA is also working to get more counties on a .gov domain. Migrating to a .gov domain is a key requirement for the State and Local Cybersecurity Grant Program.
The updated registrar launch is a makeover of the old .gov application process and its tribulations. After pausing domain requests at the end of 2023, CISA reopened to applications on Jan. 31 with a new look and features. The fully digital process is estimated to take about 15 minutes and is just one element to the newly launched get.gov interface that’s been in the works since 2022.
(Source: Government Technology)
Cyberattack paralyzes EMT dispatch in Quebec
On January 24, 2024, a cyberattack took out Quebec City’s EMT dispatch services. The latter also covers Saguenay-Lac-Saint-Jean and Côte-Nord, two other administrative regions in Quebec. The incident sharply disrupted ambulance coms and GPS, which hindered the work of 911 dispatch.
“A hacker broke down the computer system and is demanding a ransom; the system has been paralyzed for 24 hours now,” stated the chairman of the paramedical workers’ association, Frédéric Maheux, on January 25.
Dispatchers had to use their own mobile phones and radio communications to stay in touch with EMTs. Suddenly, without the prior triage enabled by the digital dispatching system, all requests were equal priority.
Quebec city hall categorically refused to pay the ransom demanded by the cybercriminal. In order to avoid putting their patients’ health at risk, the city requisitioned all ambulances and available EMTs, and gave their employees overtime. Dispatchers managed to process all requests as if they were top priority.
(Source: inCyber)
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.
Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.
Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.
Update your subscriptions, modify your password or e-mail address, or stop subscriptions at any time on your Subscriber Preferences Page. You will need to use your e-mail address to log in. If you have questions or problems with the subscription service, please contact subscriberhelp.govdelivery.com.
Privacy Policy | GovDelivery is providing this information on behalf of U.S. Department of Homeland Security, and may not use the information for any other purposes.
