
Cascading Failure, Unified Defense: Defending Water, Power, Healthcare, & EMS

BSides Las Vegas · 41:57 · 3 views · Published 2025-12
About this talk
Identifier: 3P8AP9

Description:
- “Cascading Failure, Unified Defense: Defending Water, Power, Healthcare, & EMS”
- Examines life‑critical systems targeted by state‑sponsored APTs (e.g., Volt Typhoon).
- Explores risks of cascading failures in water, power, telecom, healthcare, and EMS.
- Provides strategies for resilient defenses and unified incident response.
- Bridges traditional Incident Command Systems with cyber incident response.

Location & Metadata:
- Location: I Am The Cavalry, Copa
- Date/Time: Monday, 17:45–18:30
- Speakers: Alexander Vanino, Ruslan Karimov

Welcome to BSides Las Vegas's I Am The Cavalry track. This talk is Cascading Failure, Unified Defense: Defending Water, Power, Healthcare, and EMS, given by Alexander Vanino and Ruslan Karimov. Few announcements before we begin. First, we would like to thank our sponsors, especially our diamond sponsors Adobe and Aikido and our gold sponsors Formal and Dropzone AI. It's their support along with our other sponsors, donors, and volunteers that make this event possible. These talks are being streamed live and as a courtesy to our speakers and audience, we ask that you check to make sure that your cell phones are set to silent. Along with that, if you have a question, there will be an audience microphone. It is this

microphone that I am holding so that the people on the recording and the live stream can hear you. So, if you have a question, raise your hand. I will bring the microphone to you. With that, let us get started. Please welcome Alexander and Ruslan. [applause] >> Hi everyone. Thank you guys for joining us here today. So today we're going to talk about the evolution of different threat actors and threats facing our communities specifically around public safety, healthcare, and emergency services. Uh, this isn't a talk just about cyber security but it's more of a direct link between cyber attacks and our ability to preserve uh public safety and human life. >> So just a quick note before we begin um

we're speaking today in our personal capacity uh so the perspectives here are sh uh that we're sharing today are entirely our own and they don't necessarily represent the views of our employers, volunteer organizations, government entities and all that good stuff. Um, so with all of that out of the way now, um, let's let's exercise our imaginations real quick. Um, I want you all to step out of this room with me for a minute. Um, just forget you're at a conference, you're at home, it's a sunny Monday afternoon. You're uh, you feel this pressure in your chest, uh, tightness and, uh, you're struggling to breathe a little bit. You know this isn't right. So, you call 911. You're the patient, and I'm

about to tell your story. So, the EMTs arrive, they're professional, calm. Uh, they get you onto the stretcher, get you loaded up into the ambulance. Um, let's say I'm one of the EMTs. Uh, I'll take vitals, talk to you about your symptoms, medical history. Um, I'll explain that you're most likely having some type of cardiac event, maybe a heart attack. Um, and because of the urgency of this situation, we're going to want to get you moving to the closest hospital possible, and that closest hospital is county general. Um, is that all right with you? you you're going to say yes because you're in really bad condition and uh yeah, you need to get moving to a

hospital. Um so the doors close, you feel this wave of relief come over you. Um help is here. You're going to be okay. So the sirens are wailing, the ambulance is moving, that tightness in your chest, it starts to get a little worse. It's actually starting to hurt now. Uh I'm going to lean in. I'm going to give you some aspirin um just to help with that chest pain. At the same time, I'm gonna go and ask my driver, "Hey, what's what's the ETA on ALS?" ALS stands for advanced life uh life support. Uh think of it like bringing the ER to the ambulance. We call them for really really critical patients. Um at this point, I'm getting a little

worried because as I'm reassessing your vitals, I'm noticing that your blood pressure is starting to drop. Um a little worried now just because it's a really good indicator that you're going into shock. Um, you're also starting to sweat profusely even with the AC on in the back of the ambulance. Um, you could hear chatter coming from the radio. Uh, I radio in asked for ALS. Uh, ALS is delayed. Uh, what do you mean they're delayed? Uh, they were supposed to be intercepting us. Well, they can't intercept you. Uh, there's flooding. Massive amounts of flooding. And uh you're going to be on your own. Uh, well, now things have just gotten a little more urgent. It's been about 10

minutes since you got into the ambulance. You realize you're still moving. Uh, this feels too long. Uh, way too long. The hospital's only about 10 minutes away. And you hear more chatter coming from the radio. EMS1, you're being diverted. Uh, reroute to University Hospital. What? That can't be right. That's 45 minutes away. Yeah, I'm going to radio back central. Uh, this patient is critical. I need a closer hospital. EMS1, I'm going to call you. I got a call on my phone. The dispatcher goes and explains, "Hey, listen. The water utility just experienced a massive cyber attack. Uh, they're causing complete havoc on the systems. It's causing the reservoirs to uh overflow and there's just massive amounts of flooding

everywhere. Um, let's see. you know, for the hospitals, the effect it's pretty much immediate. Um, it's not just about faucets running dry. Um, at County General, they lost all water pressure. Um, and that cardiac cath lab that you need, well, it's effectively closed because they can't sterilize any of their equipment. Um, for sterilizing equipment, usually use a mix of water and bleach. And the really interesting thing about that is water and bleach as soon as you mix them starts to break down immediately. After 24 hours, it loses all disinfecting properties. So what does that mean? You're going to need water every 24 hours to go and remake your your disinfecting solution. Um the next closest hospital, their HVAC

system uh uses a water-based cooling tower. So without water that hospital turns into a complete into a complete sauna. Uh >> hold on one second.

>> There we go. There we go. Okay. >> Good. Good. Hold on. >> Technical difficulties averted. Alex is that ransomware that affected the hospital. >> It could be. It could be. >> Those are speaker notes. >> Good. >> Yeah. I think select different one. >> You good? Okay. >> Okay. >> Yeah. Sorry. >> We're good. We need notes though. >> Yeah.

>> Okay. Perfect. That whole screen. >> Okay. Uh, so the next hospital turns into a complete sauna without water. And for a patient that is having difficulties breathing, that's a really bad environment. Uh, those hospitals, they really aren't hospitals anymore. They're really just buildings with people that need to be evacuated now. Okay, that's great. and you're still in the back of this ambulance and the next nearest hospital is 45 minutes away in good traffic. Um, in medical cases like this, we uh we refer to something called the golden hour. Um, it's this critical window of time that getting treatment is most effective. And the longer you wait in that hour and outside that hour, uh

chances of mortality or serious injury, uh they go up exponentially. Um and the clock on the wall, you notice that uh it says it's been about 25 minutes since you called 911. And we're still moving. Uh we're still driving. That relief that you felt when you originally closed the doors, that's gone now. It's replaced pretty much just by one terrifying question. Will I make it in time? So, you're all experiencing now the direct impact of a critical infrastructure attack. Um, it's not just a headline to you. Uh, it's the delay between definitive life-saving care you need and the care that you can currently get. So, double check. >> Sorry. Sorry, guys. >> Just leave it. I think it's fine.

>> It's fine. Yeah. >> It's fine. No. >> Okay. Um, you know, as we speak, threat actors, they're targeting vulnerabilities in our critical infrastructure. Um, and as we've seen from real world events, they sometimes succeed. Um, our infrastructure is a chain and uh it's only measured by its weakest link. Uh, for years uh the public sector worried about ransomware and compliance and uh you know that is really quickly shifting. Um, the new front line is defending against these uh very patient state-sponsored APTs who are playing at a much much longer game. So, uh, can can we get a show of hands? How many in the room are uh, first responders, healthcare worker, or work

in a public utility? >> Nobody. >> No one. Okay. Okay. All right. >> Uh, well, the threat is active and it's not theoretical. Oh, okay. We're gonna have to do this. >> Yeah. Let's >> That works. >> Is it okay? >> Is it? >> Yeah, it is. >> Change. >> Which one?

>> Slide back. >> No, that's not the one. >> Yeah. So, sorry, guys. >> That's better. >> All right. No, just move it to the >> Yeah, I'll just right side. >> Yeah. >> No, I mean move it to the right screen. >> Oh, my bad. >> That's That's only doing nothing.

>> That one. >> Yep. >> All right. >> Okay. Thank you guys. Here we go. Sorry. >> All right. So, for your Oh, good. Yeah. >> Next. Perfect. >> Oh, it works out. >> Oh, it's not mirroring. >> But it's [clears throat] not mirroring still. >> Um. All right. Still not. >> Yeah. Still not doing it. Sorry, guys. All right. >> Do we have another window open here in that ear?

Um, as an intro, my name is Ruslan Karimov. I'm currently working as security engineer um, focused on governance, compliance, and just building security resilience system within public safety space. um have experience working in public safety and critical infrastructure as it relates to one collocation services, incident response and so on for Alex. >> And I'm Alex Vanino. Um my perspective comes from working in both of the worlds that we're talking about today. As a security engineer, my job is to architect defenses for things like sensitive patient data systems. Um, as a first responder, I'm the end user who actually depends on those systems working perfectly at 3:00 a.m. in the middle of the night with a patient in

the back of an ambulance. Um, I've seen how technical failures uh can lead to real world human uh human consequences. Um, now for another show of hands. Um, how many of you identify as cyber security professionals? >> Okay, I think we're in the right I think we're in the right place. Yeah, we are. Okay, good. Good.

still on. >> You want to do >> Why is this doing this? >> Yeah. >> Okay. No, it's still not.

Sorry guys. Read your slides. I'm going to get my laptop and we're going to switch over to my laptop. Thank

uh primarily sponsored by the PLA, People's Liberation Army, uh coming from China. These guys have been attacking our infrastructure for a number of years. Um according to our research, the mean dwell time has been 5 years within our uh systems. This can include emergency services, um health care, public safety, um energy, water, etc. Um we've seen this sophisticated threat actor uh specifically target our emergency services sector and this is what my presentation can be focused on my part of it at least um these guys are primarily their intention is to disrupt the systems and also conduct espionage. So within that respect uh the mean dwell time the mean dwell time for their uh beacons is around 3 to 72 hours. So

again, highly persistent but also very covert and uh tactical. C2 rotation cycles are around 14 days. So these guys are able to quickly switch out the beacons in case there's a detection or alert that comes up. Um their specific disruption is focused on comms, emergency uh services, energy and water. Uh we've seen again within my experience, we've seen these guys focus on primarily ICS/SCADA infrastructure. Um Please worry. Do you have another adapter? >> Perfect. >> Please worry. >> Sorry guys. >> I see USB-C.

>> Not these.

It's not going to be this one. >> We got these guys. >> This is it.

There we go.

>> Yep. Beautiful.

>> Sorry guys. Many technical difficulties today. >> Yeah, >> nearly there. Perfect. Nearly there.

Okay. Yeah.

Okay, >> there we go. >> And now just go back to slides.

>> Which slide? >> Just two more. Two more back. Go back. Go back. One more. >> Use announce. >> Okay. Perfect. Okay. All right, guys. Sorry about that. Um, thank you for your patience. >> All right. Okay. >> Yeah. >> So, we've seen this persistence uh among US electrical grids more recently. Uh, we've seen them as late as 2024 and again mean dwell time has been 5 years. So, these guys are very covert and they've been in those systems for a long time. Um, again, C2 rotation is 14 day 14-day life cycle. So, again, these guys can switch out beacons very quickly. Uh, we've seen them use Cobalt Strike. We've seen use custom frameworks and again

within our uh sort of beacon intervals these guys have been there in 3 hours to 72 hours. So again very persistent and uh continuous. >> All right. So how these guys stay hidden? Um they're primarily using their own tools. They're building their own tools but they're also using uh they're living off the land. So they're compromising known uh edge devices. Primarily the ones that I've seen are Fortinet, Ivanti, Cisco, Palo Alto. A lot of FortiGates have been compromised. And living off the land is another analogy for a burglar breaking into your own house using a tool in your sh your shed or outside your house. Essentially, it's like you leaving a key under your rug

and the burglar is like, "Oh, there it is. Let me just walk right in." Um, except these guys are doing it at a high scale and they're able to do it very successfully. um they're able to target zero days and they're able to target um edge devices which are intended to be patched um and again they're able to do this at scale and they have unlimited funding to do this uh persistently. Now the ones that we've seen I guess more recently have been using DNS or HTTPS uh this is you know to kind of mask their traffic as legitimate service providers. Um they're using ICMP type 8 for data data exfiltration using payloads that are met masked as

legitimate traffic again uh HTTP/2 uh multiplexing for CDN endpoints and again this can be through Cloudflare this can be through Akamai etc etc and again these guys are using legitimate services as a way to kind of beacon their traffic and um exfiltrate data sets to conduct espionage and also disruption. All right. So Salt Typhoon is not just is it is just one part of this equation. We also have Volt Typhoon which is a People's Republic of China. Again Salt Typhoon is just one strategic action. Keep going. Uh Russian APTs obviously conducting polit political influence diligation and then disruption. Keep going. Then have Iranian backs. uh within my professional career I've seen all of these ga guys more recently again Salt

Typhoon has done more espionage so if they get into EMS system or 911 dispatch system they're able to then use as a staging ground get into other systems and conduct espionage but also you know pull data sets from federal data sets this can be uh data from FBI CJIS data sets um background checks etc um it's it really is uh the first threat actor that we've seen maneuver maneuver so successfully across the network uh with these with once they first establish a foothold and then finally we have North Korean APTs uh these guys are primarily targeting financial gain but also disruption and you know for critical infrastructure so within the Iranians [snorts] North Koreans these guys again

are more they're more interested about you know retaliatory disruption u Russians typhoon byphoon they're more interested in espionage and conducting reconnaissance uh to you know persist within the environment use this now it works. >> All right the vulnerability. >> Yep. >> Go >> click and yeah >> perfect. All right. So why are we here? Uh whatever you know our critical critical infrastructure water utilities are you know why are they a ripe target? Why not go after you know financial services? I go after something as um you know kind of a lack of interest such as like legacy OT systems, IoT OT convergence, you know these guys these are not necessarily valuable systems, why would they go

after them? The interesting part here is that it is really intended to be a staging ground for broader attacks. If you if you disrupt the emergency services and let's say like St. Paul Minneapolis which you know National Guard was just deployed to there uh to you know respond to the incident. You're effectively destabilizing uh people's lives and you're also destabilizing their you know inherently causing political influence where this can be brought up as a potential vector where um elections can be destabilized but also more importantly funding can be reverted to other things. Um, we've seen them target more vulnerable OT devices. And at, you know, at a show of hands, has anybody here, you know,

work to or attempted to patch a legacy system that was retired 10 years ago? Anybody here? All right, there you go. One, two, three, four. Yeah. So, you know, it is a a game of, you know, cat and mouse. And, you know, realistically, the only way to patch them is decommission them and upgrade them. But working in the public safety space, that is just not scalable. We don't have the resources or the capital to do that. All right. So, simulating attack scenario. Um the initial attack is the Volt Typhoon, you know, exploits an unpatched firewall, installs a backdoor. This could be a Fortinet or you know, and they're mapping the network. They're trying to find gaps or any open ports,

vulnerabilities, and then from there they're sending out false commands to it could be pumps, it could be emergency services, it could be uh false ALI payloads, which are you know automatic location indexes. um they're causing the backup generators to time out causes darkness. Secondary attack, they're uploading malicious code to the controllers uh SCADA systems for example and they're overriding the systems therefore causing the valves to close open flooding begins. This can be disrupting uh public health obviously hospitals and then finally multifaceted crisis. These can be simulated power, water, communication failures, flooding from valve manipulation. And on the right side here, we have an emergency services uh dispatch center which was impacted by uh actually full typhoon.

And in this case, all of their geocoding was down, their radios were down, and they were using the classic duckies on a map to figure out where the ambulance is, where the police department is, where the police officer is, where the fire is. And again, good old, you know, we're back to 1800s. Here we are, you know, system that's, you know, that's working for them for now. And obviously, it's not scalable, but they were doing, for context, they were doing this for two months. That's because everything was down. DC, everything was compromised. And they didn't have the capital to bring in the forces to uh fix the disruption. So, let's move on. Healthcare impact. Uh, SC, you know,

SCADA systems can be manipulated. They can be tampered with and they can cause backup generators to go into an overdrive. It can be overheating. It can be uh disrupting ventilators, you know, god forbid. It can be disrupting um insulin pumps, etc. And just impact critical care from the emergency services. You know, we're talking about SCADA systems again exfiltration of systems and again using that as a way to also get into federal systems which are all connected as part of the emergency response. Geocoding can be go, you know, can go down. Telecom can also be impacted from uh new inter agencies perspective. So for example, NYPD covers five boroughs within those five boroughs, you have to be able to communicate

within each of the precincts. Let's say they are unable to communicate that. Um how do they know you know to pass it over to a certain precinct to have send send police officers to the right place and if I you know another example is firefighters can also lose pressure. EMS can also uh cause transport delays and so on. >> Yeah. So the cascading failure is kind of the central point of our talk, right? Um in hospitals, that failure becomes a matter of life and death. Um life support falters, surgeries stop and critical care, it pretty much completely collapses. Um supplies and equipment, it can't be decontaminated um or cleaned. uh hospitals and EMS for example go

through literally thousands of sheets a day um and that's something that we take for granted and that's something that we won't be able to use uh if something like this happens you also lose sterile processing uh for surgeries and procedures. Um did you know that a dialysis session can use up to 150 gallons of water? Um whole dialysis units will shut down and patients really need their dialysis. they skip one session, they'll get really really sick. Um, and all this forces hospitals to go on divert. Um, it causes EMS to have to transfer to a further hospital. Um, which will affect the availability of EMS um without water. A hospital really simply can't function. And then how does

this how does this impact the actual first responders? So, first responders are pretty much get completely paralyzed. Um, firefighters, they can't fight a they can't fight a fire without water. Um, dry hydrants will completely stop a fire department from being able to fight a fire. Um, dead communications, um, you can't talk on the radios. Um, sickness from contaminated water, uh, can force overwhelmed, uh, overwhelmed hospitals to turn patients away. And the public's lifeline, it gets completely severed. Um, local 911 systems, they'll get overloaded and fail. This causes calls to go to all the neighboring jurisdictions and a bunch of already stressed out dispatchers and call takers. Now they're getting even more overwhelmed by the situation.

So cyber attacks, they have caused patient death and harm in the past. In 2019, Springhill Medical Center experienced a ransomware attack that took uh vital monitoring and imaging services offline. And this was during a delivery of a baby and it caused a fatal outcome in the delivery. Um Düsseldorf University uh clinic in Germany. They were hit by a ransomware attack in 2020 and it they had to turn away uh emergency patients as well. And this in turn caused a woman woman who was suffering from an uh aortic aneurysm uh to uh to die while she was being transferred to a further hospital. Um, in 2022, a three-year-old was uh overdosed with five times the prescribed

amount of medication that the that that they were supposed to get. Um, this was due to a ransomware attack on a Des Moines, Iowa hospital. Um, and then June of 2024, there was a ransomware attack on Synnovis, which is a pathology partner to the National Health Services of London. Um, it completely crippled their blood testing services. And at King's College Hospital, an investigation found that this cyber attack was uh a direct contributor to a patient's death. So, we've talked a lot about what an immediate disruptive high impact attack could look like, but what if it's not a big boom? Um, we operate in this right of boom mentality. What that means is that we only act after the explosion

when the situation is already completely undeniable. Um why like why do we do this? Um it's probably because it's easier to sit around watching TV than it is to go out and buy a water filter for a crisis that you can't even see yet. Um and the problem is we might be preparing and waiting for the wrong type of boom. Um, another popular theory is that our adversaries a uh they aren't planning a Hollywood style explosion. Um, their strategy might be a slow burn, a quiet sociological war. Um, they aren't trying to blow up a system. Um, they want to degrade it. They want to degrade it just enough to cause long-term irreversible harm. Um, their goal might not be a head

a headline. Um it might be to increase infant mortality um lower birth rates um and just slowly erode at our population uh so that they can gain some type of economic or political advantage over over us essentially. Um this means that our entire approach to this particular problem it's obsolete. Um, incident response, much like dealing with patients, it's all based on triage. And you can patch the wounds, but it's it's really really difficult to triage a patient who's being poisoned over decades. And we really just can't get better better at at patching these holes. Um, we need to stop the ship from sinking. And that requires a completely new national strategy. Um not just a better

response plan. And speaking of uh better national strategies, you know, one of the biggest threats isn't actually malware. Um it's a disconnect in how our leaders think. And they treat physical and cyber security separate um almost as sil as siloed worlds. And when in reality, as all you guys know, security it's a single continuum. Um, and this broken thinking, it really cripples our ability to respond effectively to a crisis. Um, as an example, I heard a story from someone while I was doing research for this. Um, on a mission to save a COVID vaccine facility um that was under a geopolitical threat. Um, red tape from federal agencies and customs was actually a bigger obstacle than the malware

itself. Um the red tape was eventually broken through essentially and and their work was able to save help save literally millions of lives. Um but what should have taken like a week to solve it took them almost two three months just because of all this red tape. Um so we really need to bridge this gap uh between you know the experts and the policy makers basically and unfortunately a lot of the channels that we use to to do that they're being cut the funding for them is being cut and if we can't tell them we really need to show them uh using like realistic crisis simulations um really to force leaders is to feel the friction firsthand.

Come on. Where's going? There we go. So, why are we so vulnerable to this cascade? Um because during a cyber crisis, the teams responsible for actually working that crisis, they don't speak the same language. Um and if you were here for for Blake and Scott's excellent talk right before ours, then you know exactly how to fix it. um this is a communicate this communication gap it's it's a really really critical failure point. So the solution for this particular uh you know for you know solutions for for a unified response as we suggest you know as as we just said um integrating cyber into ICS um as we learned from Blake and Scott's talk um the solution

isn't to invent a new system it's to improve upon an already tried and true and tested system that's been in use for for decades essentially um joint playbooks. What's important about these is that it's an integrated response plan. You don't have a separate cyber plan for a water system compromise. You want to have a have one plan that goes over the cyber aspects of it as well as the operational emergency aspects of it. Um regional uh regional cyber mutual aid. Um you want to formalize agreements uh to share cyber expertise. My small town, for example, of like 7,000 people, I don't think we have an APT specialist, but the county or the state almost certainly has one. Um,

and then most importantly, cross-training. Um, you know, this is probably the highest impact, lowest cost skill or or action really. Um, IT people in public safety, uh, or or public or or public works, take a cyber 101 class. Um the University of Helsinki uh has something called the massive open online courses uh collection. It's a bunch of free courses and they have some really really good cyber security courses and you can do this all free. Um for cyber people take the ICS 100 course. It's free. You can go on FEMA's website and it literally takes a couple hours to do and it's extremely extremely informative. There we go. Um now uh let's cover some

of the uh the practical technical defenses. So pillar one is about hardening your environment. We we separate these out into three different pillars. Um making yourself it's about making yourself a much harder more resilient target. Um make sure you have a plan in place to update outdated systems. Um, this is probably one of the number one ways that that adversaries get in is through outdated, unpatched systems that are vulnerable that are just sitting on the internet or even just sitting on your local network. Um, and speaking of of of the internet, you should be uh securing your per Whoops. Speaking of the, you should be securing your perimeter. Um, this is non-negotiable. Uh, you should be

aggressively patching any type of externally accessible devices like VPNs, firewalls, routers, stuff like that. Um, use CISA's Known Exploited Vulnerabilities catalog. Uh, K KEV, KEV for short. Um, you can use that to prioritize what you're what you're patching essentially. Um, lock down identities. Uh, stolen credentials are the attacker's master key. Uh, implement MFA everywhere. There's a surprising amount of environments that don't have MFA enabled where MFA is just natively available. Um, and then segment segment your networks. Um, there should never be a situation where a breach on your IT network leads directly into your OT network that has your pumps and all your safety switches on it. Pillar two, uh, pillar two, the focus is

about seeing the attack as it happens and ensuring that you can get back up afterwards. Um, logging and monitoring. Um, you can't stop what you can't see. Uh and since live off the land uses your own tools against you, it's really important to log all those specific tools that you actually use. So this means setting up things like uh PowerShell script block logging, audit logging, command line process logging, stuff like that. Um and then all those logs that you're getting in now, centralize them. Um there are plenty of SIEM solutions out there. There are open source solutions out there that will cost you just the cost of the hardware itself and the expertise to actually run

it. Um, build resilient backups. Assume that you're going to have a bad day. Um, and you're going to have to restore from a backup. Uh, follow the 3-2-1 rule. Uh, three copies of your backup, two on different types of media, and one offline and immutable. Um, so let me let me ask the room, what's the difference between a backup and a good backup? >> There we go. >> Backup is easy. Recovery is the hard part. >> There you go. There you go. So, you both get a gold star. Exactly. Um, an untested backup is not a backup. It's a hope essentially. So, test your restores. Go home now and test your don't go home now, but test

your restores after you go home. Pillar three recognizes that your defense extends beyond your servers and your services. Um, it's about your greatest asset, your people and your partners. Um, and your first line of defense isn't a firewall. It's a human firewall. It's a well-trained user. It's a well-trained user and aware user. So, constant ongoing security awareness training is super super valuable. Um, phishing training super valuable. Um, and it's going to be probably one of your best return on investments as far as information security investments. Um, and then finally, uh, leverage information sharing. Um, you're not alone in this fight. Uh there are organizations out there that offer threat intelligence on your exact sector. Um if you ever heard of the

information sharing and analysis center, there are several of them. There's a water uh ISAC, there's energy ISAC, there's health ISAC, um there's multi-state ISAC, and they all have essentially targeted actionable threat data specific to your sector, which basically tells you what you should be looking for and how to defend against it. Collective resilience is our community's ability to face a crisis together. In a major crisis, 911 is going to be overwhelmed and you need to be prepared to be your own first responder. Check on vulnerable neighbors during uh heat waves, power outages, or any emergency. Um situations like those where populations are at their highest risk. Um empower yourself, learn first aid, CPR, stop the bleed. Um, and finally,

developing a uh a simple community plan is really vital. Um, this means like find finding out what your neighbor's skills are. Um, have a neighborhood meeting point. There's a uh University of Kansas has a community toolbox website. It's uh right there and it guides you through making one. Um, so our call to action, what can we do? Um, problems are big, but uh the actions that everyone can take are tangible and they start with us. Um, learn CPR and first aid. I talked about this a little bit, but in a large scale crisis, um, the professional response system will most likely be delayed. Um, and when 911 is overwhelmed, you're going to become that first link in in in someone's

survival, your own survival. Um, knowing how to perform effective CPR, use an AED, um, control severe bleeding um, in the first few minutes of of an incident. Uh, it can be the single deciding factor between someone living and dying. Um, it's a lot low, it's a very very lowcost, high impact skill. and you can get certified in less than a day. cpr.heart.org. Look up a uh look up a class near you. Um volunteering. This is like the biggest way that you can that you can that you can help. Um you are going to learn more in six months on an ambulance or a fire truck than you're going to learn in a year of theoretical

exercises. Um and most volunteer EMS and and fire agencies, they're desperately in need of neighbors. Uh members members uh maybe they need neighbors, too. Um we're currently in a nationwide EMS shortage. Um what this means that you might call 911 day and the dispatcher might tell you it's going to be 45 minutes till an ambulance can get to you. You're going to have two choices then. Do you take the issue? Do you take the situation into your own hands or do you wait? And as a first responder, I know exactly what I'm going to do. Um let's see. Second one, uh security knowledge that you all have in this room is a superpower. Um take it for grant

that we take for granted. Um it's a superpower to the outside world. Um be a force multiplier and here's how you can um you can give a free or you can give free lessons at a PTA meeting um on scam on on scam uh scam phishing awareness. Um engage in local local government talk uh about cyber security at local PTA meeting um and help shape cyber security rules. Um there are states that are putting out cyber security rules now and they're asking for comments on it. Um and then let's see uh and then that's pretty much it. Um thank you for uh your time and attention. Uh we know it's a heavy topic and uh the entire mission of the I Am

the Cavalry track is to you know catalyze on on action that protects human life and we really hope we've given you the tools to do that today. And I'd like to, you know, send a special thanks to our my mentors at least in the intelligence community who provided, you know, invaluable information as we put this slide together. So, uh, and as far as you, Alex. >> Yep. Uh, yeah. Does, uh, and you know, and does anyone have, uh, any questions? Okay. Okay. [applause]