Reposted from EMR-ISAC

On Nov. 18, CISA announced the launch of CISA Learning, a learning management system that will modernize training and education for its employees and key stakeholders. This transformative platform is a critical component of CISA's ongoing efforts to streamline and enhance its enterprise learning environment, ensuring the same training available to CISA personnel is also available free of charge to the nation’s veterans and partners from federal, state, local, tribal, and territorial levels of government. CISA Learning replaces the Federal Virtual Training Environment (FedVTE). CISA Learning represents a significant milestone in the agency's workforce and stakeholder development, as it prepares to meet the demands of an ever-changing cybersecurity landscape. The new LMS will be the cornerstone of CISA’s strategy to maintain its position as a leader in cybersecurity education and training. 

See Original Post

Reposted from EMR-ISAC

On Nov. 20, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by MITRE, released the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical software weaknesses that adversaries frequently exploit to compromise systems, steal sensitive data, or disrupt essential services. Addressing these weaknesses is integral to CISA’s Secure by Design and Secure by Demand initiatives, which advocate for building and procuring secure technology solutions.

See Original Post

Reposted from EMR-ISAC

In stressful emergency transport and evacuation situations, individuals with sensory disabilities may face greater difficulties. Emergency management resources, considerations, and techniques can overcome increased threat perception, as well as various mobility and communication barriers. TRB hosted a webinar on Tuesday, November 26, 2024, from 12:00 PM to 1:30 PM Eastern that provided a holistic overview of the mobility challenges of people with sensory disabilities (e.g., vision, hearing, spatial awareness, etc.) in emergency situations, practical planning practices to enhance emergency preparedness, accessible and inclusive communications, and strategies to secure organizational support. This webinar was sponsored by TRB’s Standing Technical Committees on Disaster Response, Emergency Evacuations, and Business Continuity; Transportation and Public Health; and Equity in Transportation.

The slides are available. Please contact trbwebinar@nas.edu for a link to the recording. There may be a $90 fee.

Webinar agenda and presenters

1. Incorporating vulnerable populations into hospital emergency planning – Rosemary McDonnell, DC Homeland Security and Emergency Management Agency and St. John’s University

2. Outreach strategies for enhancing the emergency preparedness for individuals with sensory loss – Meg Robertson, retired from Massachusetts Commission for the Blind

3. Building effective alerts and warnings for persons with access and functional needs – Jeannette Sutton, University at Albany, State University of New York

4. Question and answer session moderated by Thayanne Ciriaco, University of Alberta

The first 60 minutes of the webinar were for presentations and the final 30 minutes were reserved for audience questions.

Learning Objectives

At the end of this webinar, participants can:

1. Assess their organization’s current level of emergency planning for people with sensory disabilities and share best practices to improve it in an engaging and meaningful way

2. Use effective strategies to engage technical and organizational support to enhance emergency preparedness in terms of transportation, evacuation, and sheltering for people with disabilities or other access and functional needs

3. Implement effective communication strategies, including warning messages in accessible and preferred languages and formats

This webinar was delivered as a scheduled – e-learning live event and is categorized within RCEP as Technical, Health and Safety. Professional Development Hours (PDHs) earned on completion of this program were reported to the Registered Continuing Education Program (RCEP). Certificates of Completion are issued to all participants via the RCEP.net online system. 

See Original Post

Reposted from EMR-ISAC

As colder weather approaches, homeowners will turn on their furnaces and gas fireplaces for the first time in several months. Some may also use portable generators to heat their homes during power outages caused by heavy snow, ice storms, or other extreme winter weather. Fuel-burning home heating equipment – like gas furnaces, boilers, stoves, portable generators, and portable heaters - can generate significant amounts of carbon monoxide. For example, a single portable generator can produce as much carbon monoxide as hundreds of cars. November is Carbon Monoxide Awareness Month. Carbon monoxide (CO) is called the “invisible killer” because it's a colorless, odorless, poisonous gas. If not maintained and operated safely, home heating equipment can expose people to toxic or lethal amounts of CO. Without a CO detector, CO can accumulate in the atmosphere undetected until it’s too late. A February 2024 report from the Consumer Product Safety Commission (CPSC) found that accidental non-fire related CO poisoning deaths associated with consumer heating products have been trending upward for the 11-year period from 2010 to 2020. Over 200 people die of non-fire CO poisoning every year. Nearly half of these deaths are associated with portable generators, and more than half of non-fire CO deaths each year occur in the colder months between November and February. Public safety and health professionals can help prevent CO poisoning by keeping their communities informed about the dangers of CO, how to safely operate their heating equipment, and how use and maintain their CO detectors. One of the most critical safety measures is to ensure that CO detectors are installed on each level of the home, especially near sleeping areas. CO detectors must be checked regularly to be sure they are functioning properly. Additionally, CO detectors and home heating equipment are subject to safety recalls. Just this month, CPSC announced two recalls related to CO poisoning risk:

• New Cosmos USA Recalls Combination Natural Gas and Carbon Monoxide Alarms Due to Failure to Alert Consumers to the Presence of Natural Gas and to the Risk of Carbon Monoxide Poisoning
• Lochinvar Recalls Condensing Boilers Due to Risk of Carbon Monoxide Poisoning

Check to see if your CO detector or home heating equipment has been recalled at www.cpsc.gov/recalls and stay up to date on the latest recalls by subscribing to updates from the CPSC. Read more safety tips at the CPSC’s Carbon Monoxide Safety Center. Visit the NCOAA’s website for instructional materials and information about initiatives that are working to prevent CO poisoning through codes and standards, regulations, products, and public awareness. See the U.S. Fire Administration’s (USFA’s) messages and free materials to educate your community on CO poisoning prevention.

See Original Post

Reposted from CISA/DHS

We would like to invite you to the Commercial Facilities Sector's Quarterly Threat & Initiatives Briefing on Tuesday, December 10th, 2024, from 2:00 PM – 3:00 PM EST. This virtual briefing will focus on Seasonal Security Threats Facing Commercial Facilities Post-Election and During the Holiday Period. While this session is primarily for stakeholders within the Commercial Facilities Sector, all partners and interested parties are welcome to attend.

Please click the link below to register: https://events.gcc.teams.microsoft.com/event/d3e46091-06d4-4958-8f0b-0adbf0d0793a@69c613d2-b051-4234-8ed1-fd530b70d5d3

Agenda:

• 2:00 PM - 2:05 PM: Opening Remarks
  Michael Stewart, Commercial Facilities Sector
  Nick Williams, Region 3 Sector Outreach Coordinator
• 2:05 PM - 2:25 PM: “Physical and Cyber Threat Overview”
  Luis Rovira, DHS Office of Intelligence & Analysis
• 2:25 PM - 2:45 PM: “Protective Security Advisor Options for Consideration”
  Bob Winters, Protective Security Advisor – Pittsburgh
• 2:45 PM - 3:00 PM: Question and Answer Session 
• The meeting will be conducted virtually and is unclassified, so please feel free to share this invite with others who may benefit.

See Original Post

Reposted from CISA/DHS

The Cybersecurity and Infrastructure Security Agency (CISA) published Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a U.S. Critical Infrastructure Sector Organization. This advisory provides network defenders and software manufacturers with recommendations for improving their cybersecurity posture based on lessons learned and key findings from an assessment.  Key findings of ineffective cybersecurity practices in this advisory include:  

• Perimeter network was not adequately firewalled from its internal network.  
• Over reliance on host-based tools and lack of network layer protections, such as well-configured web proxies or intrusion prevention systems (IPS)
• Insufficient legacy host monitoring that lacks a local end-point detection and response solution.  
• Insecure configurations on multiple systems including default server, hosts with unconstrained delegation enabled unnecessarily, and account configuration.   
• No review of security alerts by network defenders.   
• Inadequate identity management; and  
• Use of known insecure and outdated software.   

Lessons learned from this assessment include:  

• Assess and ensure sufficient technical controls to prevent and detect malicious activity.  
• Require continuous training, support, and resources to implement secure software configurations and detect malicious activity; and  
• Effective organizational leadership will not minimize the business risk of known attack vectors or deprioritize the treatment of a vulnerability their own cybersecurity team identifies.  

CISA encourages all organizations to review this advisory and apply the recommended mitigations which will help ensure security processes and procedures are up to date and effective.  

CISA also urges software manufacturers to embrace Secure by Design principles and implement the recommended actions and mitigations to improve security outcomes of their customers from real-world threats. The findings in this advisory illustrate the outsized burden and costs of compensating for insecure software and hardware borne by critical infrastructure owners and operators. 

See Original Post 

Reposted from CISA/DHS

To celebrate National Critical Infrastructure Security and Resilience Month, the Office of the Director of National Intelligence NCSC and CISA, as the National Coordinator for Critical Infrastructure Security and Resilience, released NEW guidance to assist critical infrastructure owners and operators to detect and mitigate efforts by foreign intelligence entities to disrupt U.S. critical infrastructure. We are excited to share this guidance with you! As a nation, we are seeing continued cyber and physical threats to critical infrastructure Americans rely on every day. U.S. adversaries and their foreign intelligence entities understand the importance of the critical infrastructure sectors and how degrading them could hinder our national response to events. Resolve to #BeResilient. Read more about the threat and mitigation steps at Safeguarding Our Critical Infrastructure.

See Original Post

Reposted from CISA/DHS

During the holiday season, you may receive emails or text messages about a deal you just can’t miss, or an opportunity to give for charities you don’t recognize. Sadly, during this season of giving, we must all be on the lookout for scammers who use tactics like asking you to click on a link that installs malware on your device or creating a fake online store to trick you into buying from them, resulting in your money or even your identity being stolen. So how big of a problem are holiday online shopping scams? According to the FBI, almost 12,000 victims reported scams during the 2022 holiday shopping season, resulting in over $73 million in losses. The good news is that Secure Our World has tips to protect you and your family, friends and business from these scams. Visit our Holiday Online Shopping web page for additional tips and to learn more. 

See Original Post

Reposted from CHRTF

Free Online Conference 

When-December 2-5, 2024

Disaster Risk Managment for Cultural Heritage

Focus on Conservation 2024

What are the risks for objects in our collections? What can we do to protect them before, during, and after disaster strikes?

This international conference will look into preparation, response, training, research, and networks to address and mitigate the effect of disasters on cultural heritage.

Participation is free, registration required.

See Original Post

Reposted from EMR-ISAC

Weather and climate change can drastically impact how we prepare for and respond to environmental emergencies.

The State of Michigan’s Department of Environment, Great Lakes, and Energy (EGLE) is hosting a webinar on Wednesday, Nov. 20 at 1 p.m. EDT, The National Weather Service: An Important Partner in Emergency Preparedness, Response, and Recovery. This webinar is part of Michigan EGLE’s Environmental Emergency Preparedness and Response series.

This webinar will feature a presentation from Jim Maczko, a Warning Coordination Meteorologist with the National Weather Service, who will discuss:

• National Weather Service engagement with emergency management in preparedness/mitigation, response, and recovery.
• Weather versus climate and how changes in climate translate into outcomes that affect people.
• National Weather Service flood forecasts- from long-range outlooks to real-time emergency warnings.

Register for this webinar on Zoom.

See Original Post