Category Archives: Department of Homeland Security

Pandemic Playbook Faults

Posted on by

Several weeks ago, Politico published an article describing how President Trump failed to adhere to the 2016 Pandemic Playbook complete with the document itself. That is found here.

Here's the Pandemic Playbook That Trump Ignored

After it was brought to my attention, I read it thoroughly and began to break it down to determine the failures and faults. NBC News has picked up the same blame mission posted today.

The summary is noted below.

Pandemic Playbook Faults

It begins with Congress when in the funding process of 2015 to 2016 or even to 2017, appropriations were never allocated to specific pandemic outbreaks other than the normal funding architecture for what is known as ICBRNR. This includes the omission of the Strategic National Stockpile inventory that was not adequate for a national outbreak, yet is annexed by individual state stockpiles including medical facility inventories. FAULT 1

The World Health Organization is the lead global organization of which the United States is the largest financial contributor to provide recommendations from assessments that include epidemiology, humanitarian/development/ public health impact, transmission/outbreak/potential for public concern. WHO was willingly prevented from doing this by the Chinese Communist Party.

Dr. Mike Ryan, WHO’s top emergencies expert, asked about an international business meeting held at a Singapore hotel on Jan 20-22, said it did not appear to have spread the virus widely.

“No, I think it is way too early and much more of an exaggeration to consider the Singapore conference event a ‘super-spreading event’,” Ryan said. ( Reuters: February 10, 2020)   FAULT 2

The WHO is to advise on travel, perform surveillance, infection control, tender medical cure(s) to the host country. After this advise and action by WHO, U.S. Health and Human Services then based on WHO assessments and recommendations, launches the National Emergency Action Center. WHO finally under pressure from the international community, admitted an error in its assessment of the Wuhan Laboratory on January 28, 2020. FAULT 3 (2 days later, President Trump restricted/halted flights from China into the United States).

Meanwhile, the United States through the U.S. State Department had several operations launched to address the potential global outbreak and that included running private flights to various locations around the globe to retrieve American citizens and bring them home. Further, earnest offers were being provided to Wuhan and Beijing by the USG to send in virologist and medical personnel to examine research protocols, gather lab samples, perform specimen sharing, collaborate on pharmaceuticals and treatments as well as to review global stockpiles, medical treatment infrastructure (read hospitals) and to offer proposed budget items to the U.S. Congress. Not only did were these offers extended to China, but to any other nation that was lacking in resources including Italy and Iran. FAULT 4 for China

Meanwhile as the Senate impeachment hearings began on January 16, 2020, the Trump administration launched the White House Coronavirus Task Force on January 29, 2020. The first known case of COVID -19 was reported in Washington State on January 20, 2020 as a 35 year old man had just returned from Wuhan on January 15. It was not until March 11, 2020 that WHO declared COVID -19 a pandemic. FAULT 5

As for all the other U.S. Federal agencies, they take the lead from HHS which takes the lead from WHO. The number of Federal agencies is substantial and not only do they include the normal well known agencies, they also include the Veterans Administration, USAID, Office of Global Affairs, embassies, FBI, CIA, GOARN otherwise the Global Outbreak Alert and Response Network. There of course is the CDC with clinical trial research papers, various trial invitations, there is the Customs and Border Patrol and the U.S. Coast Guard for cross border travel and sea travel, the FAA and the branches of the U.S. military. Orchestrate all that for the benefit of the state Governors who hold the most significant power and responsibility when outbreaks occur. It is the Federal government that only provides guidance and assistance as a multi-state event occurs.

This summary comes from reading the Politico article on how President Trump failed the Pandemic Playbook. That is hardly the case if one actually reads the whole playbook. After the 2016 playbook was authored and published in 2015 for 2016, did Congress standup a hearing to determine funding specific to a pandemic? The playbook recommended early budget and financial analysis and supplemental funding from Congress. Did that happen? NO Fault 6.

There is more but based on the items in the playbook, it was done by committee as a result of the Ebola outbreak in 2014. The playbook per the text is merely a checklist for domestic and international guidance.

GWB was Obsessed with Pandemic Preparations in 2005

Posted on by

The efforts of the Bush administration was intense over the ensuing three years, including exercises where cabinet officials gamed out their responses, but it was not sustained. Large swaths of the ambitious plan were either not fully realized or entirely shelved as other priorities and crises took hold.

“There was a realization that it’s no longer fantastical to raise scenarios about planes falling from the sky, or anthrax arriving in the mail,” said Tom Bossert, who worked in the Bush White House and went on to serve as a homeland security adviser in the Trump administration. “It was not a novel. It was the world we were living.”

According to Bossert, who is now an ABC News contributor, Bush did not just insist on preparation for a pandemic. He was obsessed with it.

“He was completely taken by the reality that that was going to happen,” Bossert said. In a November 2005 speech at the National Institutes of Health, Bush laid out proposals in granular detail — describing with stunning prescience how a pandemic in the United States would unfold. Among those in the audience was Dr. Anthony Fauci, the leader of the current crisis response, who was then and still is now the director of the National Institute of Allergy and Infectious Diseases.

Bush told the gathered scientists that they would need to develop a vaccine in record time.

“If a pandemic strikes, our country must have a surge capacity in place that will allow us to bring a new vaccine on line quickly and manufacture enough to immunize every American against the pandemic strain,” he said.

Bush set out to spend $7 billion building out his plan. His cabinet secretaries urged their staffs to take preparations seriously. The government launched a website, www.pandemicflu.gov, that is still in use today. But as time passed, it became increasingly difficult to justify the continued funding, staffing and attention, Bossert said.

“You need to have annual budget commitment. You need to have institutions that can survive any one administration. And you need to have leadership experience,” Bossert said. “All three of those can be effected by our wonderful and unique form of government in which you transfer power every four years.”

***

Then in 2006, enter Senator Burr:

The Pandemic and All-Hazards Preparedness and Advancing Innovation Act (PAHPAI) is legislation introduced and passed by the U.S. Congress in 2019 that aims to improve the nation’s preparation and response to public health threats, including both natural threats and deliberate man-made threats.[1]

A previous bill (with a near-identical name), the Pandemic and All-Hazards Preparedness Act (PAHPA), was signed into law in 2006 and reauthorized in 2013 in order to create a system that prepares for, and responds to, public health threats that could turn into emergencies.

The 2019 bill (PAHPAI) was introduced by U.S. Senators Richard Burr (R-NC), Bob Casey (D-PA), Lamar Alexander (R-TN), and Patty Murray (D-WA).[1] Congress passed the bill and sent it to President Trump for his signature in June 2019. (The bill number is S. 1379).

What went on at the State level during all this time? Well in recent years, there was an exercise called Crimson Contagion.

Crimson Contagion 2019 was/is a Functional Exercise, a national level exercise series conducted to detect gaps in mechanisms, capabilities, plans, policies, and procedures in the event of a pandemic influenza.  Current strategies include the Biological Incident Annex to the Response and Recovery Federal Interagency Operational Plans (2018), Pandemic Influenza Plan (2017 Update), Pandemic Crisis Action Plan Version 2.0, and CDC’s Pandemic Influenza Appendix to the Biological Incident Annex of the CDC All-Hazard Plan (December 2017). These plans, updated over the last few years, were tested by the functional exercise with emphasis on the examination of strategic priorities set by the NSC. Specifically, examined priorities include operational coordination and communications, stabilization and restoration of critical lifelines, national security emergencies, public health emergencies, and continuity. The Crimson Contagion 2019 Functional Exercise included participation of almost 300 entities – 19 federal departments and agencies, 12 states, 15 tribal nations and pueblos, 74 local health departments and coalition regions, 87 hospitals, 40 private sector organizations, and 35 active operations centers. The scenario was a large-scale outbreak of H7N9 avian influenza, originating in China but swiftly spreading to the contiguous US with the first case detected in Chicago, Illinois. Continuous human-to-human transmission of the H7N9 virus encourages its spread across the country and, unfortunately, the stockpiles of H7N9 vaccines are not a match for the outbreak’s strain; however, those vaccines are serviceable as a priming dose. Also, the strain of virus is susceptible to Relenza and Tamiflu antiviral medications. The exercise was intended to deal with a virus outbreak that starts overseas and migrates to the US with scant allocated resources for outbreak response and management, thereby forcing the Department of Health and Human Services (HHS) to include other agencies in the response. To do so, the exercise began 47 days after the identification of the first US case of H7N9 in Chicago, otherwise known as STARTEX conditions. Then, the HHS declared the outbreak as a Public Health Emergency (PHE), the World Health Organization (WHO) declared a pandemic, and the President of the United States declared a National Emergency under the National Emergencies Act. As was the case in the 1918 Great Influenza, transmissibility is high and cases are severe. At STARTEX, there are 2.1 million illnesses and 100 million forecasted illnesses as well as over half a million forecasted deaths. As the pandemic progresses along the epidemiological curve, the overarching foci of the federal-level response adjusts across four phases:

  1. Operational coordination with public messaging and risk communication
  2. Situational awareness, information sharing, and reporting
  3. Financing
  4. Continuity of operations

The outcome of the Crimson Contagion is that vaccine development is the silver bullet to such an outbreak, but there are complications beyond its formulation. Namely, the minimization of outbreak impact prior to vaccine development and dispersal, strategy for efficient dissemination of the vaccine across the country, allocation of personal protective equipment (PPE), and high expense of vaccine development and PPE acquisitions. The exercise concluded that HHS requires about $10 billion in additional funding immediately following the identification of a novel strain of pandemic influenza. The low inventory levels of PPE and other countermeasures are a result of insufficient domestic manufacturing in the US and a lack of raw materials maintained within US borders.  Additionally, the exercise revealed six key findings:

  1. Existing statutory authorities, policies, and funding of HHS are insufficient for a federal response to an influenza pandemic
  2. Current planning fails to outline the organizational structure of the federal government response when HHS is the designated lead agency; planning also varies across local, state, territorial, tribal, and federal entities
  3. There is a lack of clarity in operational coordination regarding the roles and responsibility of agencies as well as in the coordination of information, guidance, and actions of federal agencies, state agencies, and the health sector
  4. Situation assessment is inefficient and incomplete due to the lack of clear guidance on the information required and confusion in the distribution of recommended protocols and products
  5. The medical countermeasures supply chain and production capacity are currently insufficient to meet the needs of the country in the event of pandemic influenza
  6. There is clear dissemination of public health and responder information from the CDC, but confusion about school closures remains.

A few years go, DHS published the National Response Framework Second Edition May 2013 and later,  FEMA published a 143 page report known as the Biological Incident Annex to the Response and Recovery Federal Interagency Operational Plans Final – January 2017

as a follow up to the work that began in 2008.

Many things certainly were going on that otherwise have not received media attention and the above is by no means a full accounting. The above is only referenced for perspective and context.

So while so many are working to find a single solution to Covid 19, there is not one cure but more in the realm of hundreds or perhaps thousands. Furthermore, while so many want to place blame, that too is misguided to point to U.S. politicians and medical experts. When it comes to Dr. Fauci or Bill Gates and his Event 201, understand that every medical counter-measure to pandemics call for growing viruses in laboratories and getting patents for the work each does including pharmaceutical companies and universities. We of course have the bureaucracy of clinical trials and they do take lots of time to launch and process.

Slow down readers, stop with the blame games, stop with finding fault, let’s deal with the here and now to get this behind us, never to repeat. If anything, blame the Communist Party of China, begin and end there and re-examine national policy with Beijing.

Vendors Return in Wuhan as China Prepares COVID-19 ... source

While Pelosi and Schiff have a new oversight commission led by Congressman Clyburn, which was in the $2T stimulus bill, so what? You say it is just another plot to go for another impeachment of President Trump? Nah…it is only the Democrats and media’s plot and wont happen. A full investigation of all things Covid 19 would hardly be completed by 2024.

Oh yeah, for those of you angry at Senator Burr for selling stock, we dont know how many in congress did sell stock. Remember, Senator Burr authored that pandemic bill in 2006….and it was signed into law.

Senators did receive a closed-door briefing on the virus on Jan. 24, which was public knowledge. A separate briefing was held Feb. 12 by the Senate Health, Education, Labor and Pensions Committee, which Burr is a member of. It’s unclear if he attended either session.

One must ask if the Senate Intelligence Committee received the briefing, who gave the briefing and did that same briefing happen in the House? That is always the policy. If so, how come the Chairman of the House Intelligence Committee, you know, Adam Schiff never said a thing about it. Inquiring minds want to know.

Meanwhile….

Just follow hygiene rules and let’s get America into full restoration mode…FAST.

 

 

 

C’Mon Florida, Let’s Sew Some Masks for Donation

Posted on by

Can Florida lead the nation in volunteers sewing masks for medical personnel? Yes, there is a shortage of N95 masks and hospital personnel often reuse their N95 masks during shortages. Florida can help. The faster we help our state, the faster we restore the lives of everyone. Even if you don’t sew, you are still needed to put out the call for fabric, cutting the patterns, making phone calls and even deliveries.
This is our moment, this is our duty, this is our safety.

Hamilton County Public Health Accepting Homemade Masks ... source

READ ON…

So, we need masks. After much searching, I found an instructional video for sewing masks to meet the requirements of medical personnel including reference to the CDC.

In this video I’m going to show you how to sew a reusable face mask with filter pocket. This medical face mask can be sewn in 5 minutes! Great mask pattern to batch sew masks for hospitals quickly. These mask are super comfortable to wear by themselves (with or without the filter), over the top of hospital PPE masks and are made of washable materials. No elastic, no pleats to sew, have a flexible nose band and fit the face really well. No ear pain since the straps do not sit directly behind your ear-making it ideal for those 12+ hour shifts. Great beginner sewing pattern. Disclaimer: These masks are not going to prevent you from contracting any sort of respiratory illness. They are meant to be used as a temporary solution and will only provide minimal protection.

Before beginning to batch sew masks, I highly encourage you to contact your local hospital, clinic or long term care facilities to see if they have specific types of masks they are looking for. I’ve heard many hospitals are only accepting specific masks types.

You may be asking about contamination in the sewing process. Okay, here is the answer for that:

The researchers published their decontaminating protocol so other hospitals can follow their lead.
Using vaporized hydrogen peroxide, the researchers can kill microbial contaminants that lurk on the masks after they’re worn.
It’s a method labs have used for decades to decontaminate equipment, said Wayne Thomann, director emeritus of the Duke Occupational & Environmental Safety Office. Now that procedure is used/applied for  the N95 masks, yes. However, on a temporary basis until such time the N95’s get out into distribution, it behooves all of us Floridians to step up our game now to get back in the real game of life faster.

People around the country are sewing masks. And some hospitals, facing dire shortage, welcome them

(CNN)Crafty people are stepping up to create homemade masks for health care workers facing shortages amid the coronavirus pandemic.

Volunteers across the nation have formed sewing groups, where they share patterns they think can best address the needs of medical workers. Using their sewing machines and piles of fabric, they work to make as many masks as they can to help hospitals in need of more supplies.
Used facemasks and bandanas: How the CDC is warning hospitals to prepare for coronavirus shortages
“We’re the ones you want around in the apocalypse,” said Christine Cox, a volunteer in the Atlanta area who is helping with a local effort to create masks. More detail here.

 

 

Zoom Bombing, don’t be Fooled

Posted on by

So, there are several online conference video chat platforms now being used while businesses continue to operate even while doing the stay at home thing. We are aware of course of the common Skype platform, Uber Conference and gaining huge popularity is Zoom.

Warning to the healthcare industry: Since the United States has launched full tele-health platforms, all parties involved in the session(s) should watch carefully the platform(s) for cyber weirdness. All the same warnings and watchful eyes should be applied to the military across the spectrum as forces too are working from remote locations.

How to Record Zoom Meeting on PC, iPhone

In recent days, I have seen reports of Zoom conference/meeting events getting bombed by rogue players. Every nation while struggling to overcome the pandemic, governments and companies are quite vulnerable to breaches of cyber security due to limited employee resources. What better time for bad actors (read China) to attack?

Zoom has also seen a sharp increase in usage, but the attention the teleconferencing solution is receiving continues to be decidedly mixed. TechCrunch reports that researcher Patrick Wardle has found two local security flaws in Zoom’s macOS client.

***

While Zoom has certainly drawn investors’ eyes in a good way, it’s also attracted the ministrations of white hat researchers, cybercriminals, the plaintiffs’ bar, and state attorneys general. The platform’s encryption isn’t really end-to-end, the Intercept reports. Instead, it uses familiar transport encryption, which gives Zoom itself the potential to access its users’ traffic. The FBI’s Boston Field Office has issued a detailed warning about the ways in which criminals (conventional criminals out for gain, sleazy hacktivists, and skids out for the lulz) have been able to meddle with Zoom sessions. Check Point describes the ways in which criminals have registered domains that include the name “zoom;” these domains are of course up to no good at all. Zoom was also discovered to have been sharing analytic data with Facebook, a practice Zoom halted after it came to public attention, but not in time to forestall a class action suit under California’s Unfair Competition Law, Consumers Legal Remedies Act, and Consumer Privacy Act. And the New York Times reports that all of this news has prompted New York State’s Attorney General to ask Zoom for an explanation of its privacy and security policies.

So, as I was researching for this piece, I received an email from a distant buddy that read in part:

The government has sought the assistance of outside software experts to move online meetings. In one particular instance, my email buddy noted the following”

I have a Zoom warning. We had a Council meeting this afternoon and it had to end immediately. Fortunately, the Council was 99% finished with the meeting. The reason for ending the meeting is because we were Zoom Bombed (yup this is really the name for it). A participant joined the meeting late and his name was Mr. Off. His first name was Jack and he had a middle name “Me”. You can imaging the video. It was horrible. There were three hosts of the meeting that could control participants. The hosts could not see this participant so they didn’t think anything was wrong. Clearly, the hack knows how to enter a meeting without the controlling hosts knowing what is going on. I saw it and ordered the meeting end immediately. The Chair couldn’t see it and was wondering what to heck was wrong with me. It took about 5 more long seconds for me to yell at people to leave the meeting. We all jumped back on the meeting in five minutes and Mr. Off joined the meeting again.

I will add that only half the participants actually saw the act. We also caught it in time to not have it go live on cable or YouTube. Another participant actually viewed video of three other participants that no one else could see and were likely ready to Bomb the meeting.

In the future, we will use passwords for participants. This is unfortunate for the public because they wont be able to join the Zoom part of the meeting. They will still be able to watch it live on local cable and YouTube. We will set up an email and telephone for public comment if the agenda item requires public comment.

I highly recommend you use passwords for future meetings.

Seems we have a new kind of cyber terrorism going on here….espionage at a silent/covert level. Perhaps we can get some kind of press release from the NSA or something.

 

 

Google Sent Users 40,000 Warnings

Posted on by

Primer questions: Did other tech companies do the same and if so, how many? What does Congress know and where are they with a real cyber policy?

Google’s threat analysis group, which counters targeted and government-backed hacking against the company and its users, sent account holders almost 40,000 warnings in 2019, with government officials, journalists, dissidents, and geopolitical rivals being the most targeted, team members said on Thursday.

The number of warnings declined almost 25 percent from 2018, in part because of new protections designed to curb cyberattacks on Google properties. Attackers have responded by reducing the frequency of their hack attempts and being more deliberate. The group saw an increase in phishing attacks that impersonated news outlets and journalists. In many of these cases, attackers sought to spread disinformation by attempting to seed false stories with other reporters. Other times, attackers sent several benign messages in hopes of building a rapport with a journalist or foreign policy expert. The attackers, who most frequently came from Iran and North Korea, would later follow up with an email that included a malicious attachment.

Color-coded Mercator projection of the world.

“Government-backed attackers regularly target foreign policy experts for their research, access to the organizations they work with, and connection to fellow researchers or policymakers for subsequent attacks,” Toni Gidwani, a security engineering manager in the threat analysis group, wrote in a post.

Top targets

Countries with residents that collectively received more than 1,000 warnings included the United States, India, Pakistan, Japan, and South Korea. Thursday’s post came eight months after Microsoft said it had warned 10,000 customers of nation-sponsored attacks over the 12 previous months. The software maker said it saw “extensive” activity from five specific groups sponsored by Iran, North Korea, and Russia.

Thursday’s post also tracked targeted attacks carried out by Sandworm, believed to be an attack group working on behalf of the Russian Federation. Sandworm has been responsible for some of the world’s most severe attacks, including hacks on Ukrainian power facilities that left the country without electricity in 2015 and 2016, NATO and the governments of Ukraine and Poland in 2014, and according to Wired journalist Andy Greenberg, the NotPetya malware that created worldwide outages, some that lasted weeks.

The following graph shows Sandworm’s targeting of various industries and countries from 2017 to 2019. While the targeting of most of the industries or countries was sporadic, Ukraine was on the receiving end of attacks throughout the entire three-year period:

Sandworm’s targeting efforts (mostly by sector) over the last three years.
Enlarge / Sandworm’s targeting efforts (mostly by sector) over the last three years.
Google

Tracking zero-days

In 2019, the Google group discovered zero-day vulnerabilities affecting Android, iOS, Windows, Chrome, and Internet Explorer. A single attack group was responsible for exploiting five of the unpatched security flaws. The attacks were used against Google, Google account holders, and users of other platforms.

“Finding this many zeroday exploits from the same actor in a relatively short time frame is rare,” Gidwani wrote.

The exploits came from legitimate websites that had been hacked, links to malicious websites, and attachments embedded in spear-phishing emails. Most of the targets were in North Korea or were against individuals working on North Korea-related issues.

The group’s policy is to privately inform developers of the affected software and give them seven days to release a fix or publish an advisory. If the companies don’t meet that deadline, Google releases its own advisory.

One observation that Google users should note: of all the phishing attacks the company has seen in the past few years, none has resulted in a takeover of accounts protected by the account protection program, which among other things makes multifactor authentication mandatory. Once people have two physical security keys from Yubi or another manufacturer, enrolling in the program takes less than five minutes.