View as a webpage / Share

Volume 24 — Issue 1 | January 4, 2024

OSHA expands protections for emergency workers with proposed “Emergency Response” standard

Emergency response workers in America face considerable occupational health and safety hazards in dynamic and unpredictable work environments. The Occupational Safety and Health Administration (OSHA) has recognized the need for a comprehensive, up-to-date emergency response standard to address the full range of job hazards faced by today’s emergency responders.

On Dec. 21, the U.S. Department of Labor announced that OSHA will issue a Notice of Proposed Rulemaking later this month to modernize the agency’s “Fire Brigades” standard (29 CFR 1910.156), which has only had minor updates since it was first published in 1980.

The Fire Brigades standard currently applies to a narrow audience of workers, namely, fire brigades, industrial fire departments and private or contractual fire departments. This standard was originally intended to be used by employers who have a subset of employees assigned to fight fire in the early stages while waiting for their jurisdiction’s fire department to arrive on scene. These employees do not necessarily perform emergency response functions as part of their regular, everyday jobs.

OSHA intends to use the “Fire Brigades” standard as a baseline for a significant update to OSHA 1910.156, which would be re-titled, “Emergency Response”. The new standard would apply to a much broader audience of emergency workers and would address a much broader range of occupational hazards.

OSHA has just published an unofficial draft of the proposed rule for review. OSHA’s proposed rule would update 29 CFR 1910.156 so that it applies to firefighters (both structural and wildland), emergency medical service providers, and technical search and rescue workers. OSHA estimates that about 1 million emergency response workers would fall into the scope of the proposed rule. While OSHA standards apply only to employees and therefore do not apply to most volunteer responders, volunteers may be treated as employees under some states’ laws. OSHA estimates that about 300,000 volunteer responders would fall within the scope of this proposed rule.

Notably, OSHA’s proposed standard would bring OSHA 1910.156 into alignment with the Federal Emergency Management Agency’s (FEMA) National Response Framework and the National Incident Management System (NIMS). It would modernize the standard to align with the current industry consensus standards issued by the National Fire Protection Association on the safe conduct of emergency response activities. The proposal includes major changes for protective clothing and equipment and significant improvements in safety and health practices that the industry generally accepts as standard procedures.

OSHA notes that the proposed rule is a “performance-based” standard, providing flexibility for affected employers to establish the specific criteria that best suits their organization. OSHA intends the performance-based nature of the proposed rule to be beneficial to small and volunteer organizations with limited resources.

OSHA has established a dedicated web page for the Emergency Response Ruling where the link to the official draft in the Federal Register and instructions for submitting comments will be made available in the coming weeks. OSHA may schedule an informal public hearing on the proposed rule if requested during the comment period.

(Source: OSHA)

FEMA releases Mitigation Assessment Report on Hurricane Ian in Florida

FEMA’s Building Science Disaster Support Program sends teams of experts to assess the performance of buildings, structures and community lifelines after disasters like extreme wind, floods, wildfires, and earthquakes.

These expert teams, called Mitigation Assessment Teams (MATs), help communities recovering from disasters answer questions like, “How do we build back better?” and “What can we do differently to prevent future damage?”

Hurricane Ian struck the Southwest Florida coast as a Category 4 hurricane on Sept. 28, 2022. It produced catastrophic storm surge, powerful winds, and unprecedented freshwater flooding that caused considerable damage throughout central and northern Florida and significant harm to the region's infrastructure and communities. It is estimated to be the costliest hurricane to strike Florida and the third costliest in United States history.

In January 2023, a full MAT was deployed to assess the performance of buildings to determine causes of damage and results of successful mitigation. Last month, FEMA released a Mitigation Assessment Team Report on the MAT’s findings, Hurricane Ian in Florida: Building Performance Observations, Recommendations, and Technical Guidance (FEMA P-2342) [PDF, 80 MB].

The 615-page report first summarizes the impact of Hurricane Ian and provides an overview of Florida’s building codes, standards, and regulations related to floods, wind, floodplain management, evacuation and sheltering. It then outlines the observations of the MAT during the field assessments carried out in Florida, organized into three areas: flooding, wind, and critical facilities. The report then draws 53 conclusions and makes 83 recommendations to improve building, utility and community resilience on the local and state levels.

The recommendations in the report are presented as guidance to the many stakeholders who are involved with the design, construction, and maintenance of the built environment in the state, as well as other regions impacted by hurricanes. These include federal, state, and local governments; building officials and floodplain administrators and regulators; the design and construction industry; building code and standard organizations; academia; emergency managers; building owners and operators; and any other stakeholders who can take action to mitigate damage from future natural hazard events.

In addition to the MAT report, FEMA published three new Recovery Advisories based on specific findings from its assessments of buildings after Hurricane Ian. The Advisories provide insights regarding building improvement opportunities. Recommendations in the Advisories are applicable to buildings experiencing similar issues and need not be limited to the state of Florida or to hurricanes.

The Recovery Advisories are included in Appendix B of the report and were also published as separate documents:

• Hurricane Ian Recovery Advisory 1: Designing for Flood Levels Above the Minimum Required Elevation After Hurricane Ian.
• Hurricane Ian Recovery Advisory 2: Reducing “Loss of Utility” Impacts to Critical Facilities.
• Hurricane Ian Recovery Advisory 3: Reducing Water Intrusion Through Windows and Doors.

Access the report within FEMA’s Building Science Resource Library. The individually published Recovery Advisories are also available in the library.

(Source: FEMA)

DHS S&T’s Preparedness Series explores role of science and tech in the emerging threat landscape

The Department of Homeland Security, (DHS), Science and Technology Directorate (S&T) recently released a series of reports offering a visionary look at the emerging threat landscape and opportunities on the horizon to tackle these threats head on.

This four-part Preparedness Series is designed to raise awareness of our unpredictable future and explore the role of science and technology in addressing future challenges posed by climate change, artificial intelligence, and other emerging technologies:

• Preparedness in Times of Rapid Change. This paper discusses the changing threat landscape, the unprecedented unpredictability of what’s next in technological advances, the complexity of our current and future world, and implications for how to protect the homeland. As the threats have evolved in recent years, the historical distinction between homeland and national security challenges has continued to blur. The rapidly evolving landscape of concerns is creating new demand for tools and training for those protecting the front lines.
• S&T/Harvard Climate Workshop: Opportunities for Improved Prevention and Response in the U.S. Arctic and Alaska. Extreme weather events have big implications for managing risks to lifeline functions such as public safety, transportation, energy, and healthcare. Impacts to the Arctic region and Alaska are being felt four times faster than other parts of the country. For the United States, the opening of the northern latitudes will have complex geopolitical consequences for protecting borders and waterways, patrol and rescue operations, communications, territorial and resource claims, and the resilience of critical infrastructures. This paper details opportunities for improved prevention and response in the U.S. Arctic and Alaska.
• Foundation Models at the Department of Homeland Security: Use Cases and Considerations. Considered the modern-day backbone of artificial intelligence (AI), a foundation model (FM) is a type of machine learning model that is trained on a broad set of general domain data which can then be used as a foundation for specialized AI applications. This analysis examines a host of homeland security mission use cases for FMs in new domains.
• Risks and Mitigation Strategies for Adversarial Artificial Intelligence Threats: A DHS S&T Study. This report introduces the concept of “adversarial AI” (AAI) and explores future AAI threats, risks, and mitigation strategies to help DHS develop a risk-informed approach to mitigating AAI threats and vulnerabilities.

The Preparedness Series is currently featured on DHS S&T’s Artificial Intelligence page. See DHS S&T’s Dec. 21 news release to learn more.

(Source: DHS S&T)

State of 911 webinar: Workforce Evolution & Statewide 911 Recruitment Campaigns, Jan. 9

The National Highway Traffic Safety Administration’s (NHTSA’s) National 911 Program will host a webinar in its State of 911 series on Tuesday, Jan. 9, 2024, at 12 p.m. EST entitled Workforce evolution and statewide 911 recruitment campaigns.

Nationwide, 911 Answering Points are struggling to hire and retain staff. In this webinar, participants will hear directly from practitioners about their recruitment and retention strategies.

For the first part of this webinar, the director of Aurora 911 in Aurora, Colorado, will present her insights on the evolution of the 911 workforce, including how the workforce has changed since the COVID-19 pandemic, its impact on Public Safety Answering Points (PSAPs), challenging traditionalism and status quo, and how she is working toward change in her own center.

In the second part of the webinar, participant will hear from representatives in Minnesota and North Carolina about their statewide 911 recruitment campaigns. The goal of each campaign was to recruit candidates for 911 telecommunicator job openings, increase the applicant pool across each state, and draw awareness to these positions and their contribution to the community.  Both states will share information on how to start an effective recruitment campaign and how their respective campaigns connected with job seekers to support local PSAPs.

The State of 911 webinar series is designed to provide useful information for the 911 stakeholder community about federal and state participation in the planning, design, and implementation of Next Generation 911, or NG911 systems. It includes real experiences from leaders utilizing these processes throughout the country. The recording and slide deck from every webinar in the series is posted online shortly after the event. Sign up for email alerts to be notified when upcoming webinars are announced.

Learn more and register for the Jan. 9 webinar at 911.gov.

(Source: National 911 Program)

CISA releases Microsoft 365 Secure Configuration Baselines and SCuBAGear tool

On Dec. 21, CISA published the finalized Microsoft 365 Secure Configuration Baselines, designed to bolster the security and resilience of organizations’ Microsoft 365 (M365) cloud services. This guidance release is accompanied by the updated SCuBAGear tool that assesses organizations’ M365 cloud services per CISA’s recommended baselines.

The release incorporates stakeholder input from last year’s public comment period and pilot effort with federal agencies. Changes to the draft Microsoft 365 Secure Configuration Baselines were integrated with the SCuBAGear tool, which is also now more automated to reduce organization effort.

For more information, read CISA’s blog and contact CISA’s Cybersecurity Shared Services Office for additional support.

(Source: CISA)

17 CIS experts' cybersecurity predictions for 2024

To put next year into context, the Center for Internet Security (CIS) spoke to more than a dozen of its experts about their cybersecurity predictions for 2024. Experts described increasing cyber threats in the realms of social engineering, phishing, and smishing; increasing threats from ransomware attacks and associated concerns for privacy and protection of personal information; the rise of ChatGPT and other advanced language models; quantum computing; cybersecurity workforce challenges; continued migration of on-premises services to Software as a Service (SaaS) in cloud environments; and more.

CIS experts predict that this year will see a move toward more automated prevention of threats; more visible and direct action from the U.S. government in major incident response; and more enterprise-level actions like the zero-trust initiatives of the Department of Defense and the federal government. “Security by design” will become a mantra for software developers and vendors; cyber issues will become more ‘mainstreamed’ into the broader domain of corporate risk management; and maintaining cybersecurity insurance will be challenging and will come with its own security risks.

Read CIS’ Jan. 4 blog for an in-depth rundown of all cybersecurity predictions for 2024.

(Source: CIS)

Cyberattack on Massachusetts hospital disrupted records system, emergency services

The string of damaging cyberattacks against U.S. healthcare facilities continued this week as an incident knocked out the electronic health records system at a Massachusetts hospital and caused the facility to turn away ambulances on Christmas Day.

Anna Jaques Hospital, about 35 miles north of Boston, was “open to all patients” on Friday as it continued to recover from the attack, a spokesperson told WCVB-TV. Reports said the hospital resumed accepting ambulances on December 26.

The facility, part of the Beth Israel-Lahey Health system, has not released details about the attack, which reportedly began on December 24. Hospital officials said they contacted cybersecurity professionals as part of their incident response, according to a report on Thursday by the Daily News of Newburyport.

(Source: The Record)

Cyberattack on Pa. water system prompts U.S. officials to warn other states

The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international cyberattack. Then it — along with several other water utilities — was struck in November 2023, by what federal authorities say are Iranian-backed hackers targeting a piece of equipment specifically because it was Israeli-made.

The danger, officials say, is hackers gaining control of automated equipment to shut down pumps that supply drinking water or contaminate drinking water by reprogramming automated chemical treatments.

A number of states have sought to step up scrutiny, although water authority advocates say the money and the expertise are what is really lacking for a sector of more than 50,000 water utilities, most of which are local authorities that, like Aliquippa’s, serve corners of the country where residents are of modest means and cybersecurity professionals are scarce.

In March, the U.S. Environmental Protection Agency proposed a new rule to require states to audit the cybersecurity of water systems. It was short-lived. Meanwhile, states are in the midst of applying for grants from a $1 billion federal cybersecurity program, money from the 2021 federal infrastructure law. But water utilities will have to compete for the money with other utilities, hospitals, police departments, courts, schools, local governments and others.

(Source: CBS News Pittsburg)

The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.

Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.

Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.

Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.