Report on law enforcement challenges and best practices for response to civil unrest

The Intelligence Commanders Group (ICG) of the Major Cities Chiefs Association (MCCA) has published an after-action review on the 2020 protests and civil unrest that erupted on May 26th, 2020 as a result of the in-custody death of George Floyd and continued to erupt in major cities across the United States and Canada throughout the summer of 2020. The MCCA ICG’s report has been approved for public release.

The MCCA ICG’s after-action review compiled survey data from 68 major cities and counties in a reporting timeframe of May 25th to July 31st, 2020, during which an unprecedented 8,700 total protest events occurred.

The report may be of interest to local jurisdictions who may not have experience with the scale and frequency of protest events seen this year, and who are seeking summary data, as well as guidance from the lessons learned by major cities and metro areas during the civil unrest in the summer of this year.

Interesting findings include:

• Violence was limited to only 7 percent of all protest events in the reporting period.
• Major city law enforcement agencies arrested 16,241 individuals during protest-related events. Nearly 17 percent (2,735) of these arrests were for felony offenses.
• More than half (53 percent) of all agencies reported that their District Attorney’s Office elected not to prosecute protest-related cases. Approximately 52 percent of major city law enforcement agencies reported having to re-arrest suspects at least once at different protest-related events.

Major city and county law enforcement agencies identified and rank ordered the most significant challenges they faced during the protest events. The three top-ranking challenges were:

• Lack of community trust in law enforcement agencies.
• Lack of support from elected officials.
• Low officer morale.

The law enforcement agencies surveyed also identified and prioritized key areas for improvement. The three top-ranking areas were:

• Community outreach. Due to the nature of the protests being anti-police, many protest organizers and groups were unwilling to work with police. In this situation, the presence of neutral actors to act as liaisons between police and protest groups to facilitate some sort of communication becomes critical.
• Increased funding. Funds would be necessary for responsible reforms and the need for improved training
• Accurate media reporting. Media outlets tended to focus their reporting on the violence and events where police use-of-force was used. This encouraged a false narrative that law enforcement agencies were disproportionate in their response.

The full report provides more in-depth information about the nature of the violence, protester tactics, law enforcement response tactics, public perception, and looking ahead to best practices for law enforcement response to future protest events and civil unrest.

(Source: MCCA)

Two comprehensive reports offer guidance for local disaster readiness

The year 2020 has seen an unprecedented number of natural disasters, such as the wildfires in the United States and in Australia, as well as the record-breaking number of hurricanes. The National Oceanic and Atmospheric Administration (NOAA) reports there were 28 such disasters in 1980s, 119 in the 2010s and future projections for increasingly violent and frequent storms.

With natural disasters on the rise, pre-planning will be critical for the resiliency of local jurisdictions. Two reports were published recently offering guidance on local disaster readiness to plan for, respond to and recover from natural disasters.

The International City/County Managers Association (ICMA) has published a study surveying hundreds of local communities on the state of their preparedness for natural disasters. The study also distills the challenges and lessons learned from local officials’ disaster management experiences and outlines a framework of key strategies for local leaders to follow in their emergency planning in order to build resiliency. These key strategies emphasize an enterprise-wide approach to building resiliency in advance of a disaster and the importance of growing a steady network of partners both horizontally and vertically in order to successfully manage the disaster and recovery.

A report from the National Academy of Public Administration reinforced the findings of the ICMA study with their March 2020 report on emergency and disaster management responses. This report takes a case study approach to what has and has not worked well in local disaster prevention, planning, mitigation, response and recovery to natural disasters. Case studies in the report highlight challenges and lessons learned.

(Source: Government Executive)

The U.S. Fire Administration operates the Emergency Management and Response – Information Sharing and Analysis Center (EMR-ISAC).

For information regarding the EMR-ISAC visit www.usfa.dhs.gov/emr-isac or contact the EMR-ISAC office at: (301) 447-1325 and/or fema-emr-isac@fema.dhs.gov.

The LAFD successfully deploys firefighting robot

The Los Angeles City Fire Department (LAFD) recently successfully deployed a firefighting robot to contain a fire consuming industrial textile buildings in downtown Los Angeles. This is a great example of using technology in new ways to preserve life safety. After firefighters were ordered out of the building, the Thermite RS3 entered and was able to contain the fire from the inside.

The LAFD is the first department to use the Thermite RS3 in the nation. The robot is capable of formidable fire suppression – it can discharge 2,500 gallons of water or foam per minute – but it can also perform many other essential emergency response tasks. It is equipped with a thermal camera and a visual camera and can see hazards with real-time high-definition video. The RS3 can traverse rough terrain and can pull up to 8,000 pounds with a winch.

These combined capabilities in the RS3 allow first responders to remain up to 500 meters away from danger and operate the RS3 remotely.

(Source: LAFD)

Webinar: How to successfully launch a new public safety UAS program

The International Public Safety Association (IPSA) is offering a webinar for public safety agencies looking to start a new UAS program on Wednesday, January 13, 2021 from 1:00 p.m. to 2:00 p.m. EST.

Unmanned Aerial Systems (UAS) have proven to be useful in myriad ways to the Emergency Services Sector (ESS). As emerging UAS technologies are developed and government regulations solidify their acceptable use, the ESS will undoubtedly benefit from the continued integration of UAS into their arsenal of resources and capabilities. However, their successful integration into the emergency services will also involve planning, training and compliance considerations.

UAS are already being used to assess the operational environment in a variety of ways. Just this year, hurricane response and recovery operations employed drones extensively to assess disaster damage for situational awareness, news coverage, and insurance purposes. Other common uses include fly over assessments of large structure fires, search and rescue operations, or a crime in progress.

The webinar will focus on planning considerations, steps on how to get a new program launched and how to train your team. You can register for this webinar at IPSA’s registration page. Recordings of the webinar will also be available to IPSA members.

(Source: IPSA)

Cyber Information and Incident Assistance Links

MS-ISAC
SOC@cisecurity.org
1-866-787-4722

IdentityTheft.gov

IC3

Cybercrime Support Network

General Information Links

FTC scam list

CISA alerts

Law Enforcement Cyber Center

TLP Information

FireEye, Microsoft confirm SolarWinds supply chain attack

Cyber security company FireEye disclosed a serious breach earlier this month. In a developing story relevant to national security and to all United States government agencies, FireEye was not the only target of the attack. Investigators discovered a vulnerability in a product made by one of its software providers, Texas-based SolarWinds Corp. FireEye has identified multiple organizations where it sees indications of compromise dating back to spring 2020 and is in the process of notifying those organizations.

SolarWinds confirmed in a security advisory issued late Sunday that it experienced a manual supply chain attack on versions of Orion released between March and June of this year. The CEO of FireEye stated, “the campaign demonstrates top-tier operational tradecraft and resourcing consistent with state-sponsored threat actors,” and “each of the attacks require meticulous planning and manual interaction.”

The FBI, Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director of National Intelligence (ODNI) released a joint statement on Wednesday, December 16, announcing the formation of a Cyber Unified Coordination Group (UCG) to coordinate a whole-of-government response to the breach. The joint statement also specifies how to report suspicious or criminal activity related to this incident.

Visit CISA’s website for official updates on this evolving story.

(Source: CISA)

CISA: SolarWinds' Orion may not be only entry point for hackers

CISA has found evidence suggesting hackers may have been able to breach federal networks through other means than just the SolarWinds Orion software suite.

On the evening of Sunday, December 13, CISA issued a rare emergency directive for all federal agencies to stop using SolarWinds Orion. However, hackers will likely reside inside the government's networks even if SolarWinds Orion is not being used any longer. CISA also stated the hacking campaign's activity means "discussions of findings and mitigations should be considered very sensitive."

A briefing from CISA's acting director stated it could take "weeks, if not months" to understand the full scope of the breach.

(Source: Federal Computer Week)

Nine types of malware and how to recognize them

People tend to play fast and loose with security terminology. However, it's important to get your malware classifications straight because knowing how various types of malware spread is vital to containing and removing them.

The nine distinct types of malware are: viruses, worms, trojans, hybrids and exotic forms, ransomware, fileless malware, adware, malvertising and spyware.

Read the full article for concise definitions of each distinct type of malware and basic approaches for containing and removing each one.

(Source: CSO)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

About InfoGram

The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.

Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.

Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites or the information, products or services contained therein. Reference to any specific commercial products, process or service by trade name, trademark, manufacturer or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the EMR-ISAC or the U.S. government.