August 2, 2001
NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical information systems. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@fema.gov.
A comprehensive security strategy for any fire or EMS department will include measures to protect the internal physical systems as well as the cyber ones. Adequate physical security limits access to department assets to prevent the incidents of theft, tampering, or damage resulting in equipment downtime or mission failure. Essentially, such security efforts are a state of mind or attitude as much as the application of protective measures. In most departments, many of the basic physical security measures are already in place. If so, they will include: establishing accountability, training department personnel, screening new employees and visitors, controlling access, preventing unauthorized entry, providing visitor escorts, safeguarding critical equipment, protecting sensitive materials and information, and the periodic review of security controls. Again, the key consideration is the avoidance of non-operational apparatus and mission failure caused by a security breach.
The Communication Systems Supervisor for the San Mateo County (CA) Department of Public Safety, Robert Bustichi, wrote in Firehouse.com last month that there is an alternative to expensive and fragile laptops for mobile employment. His department turned to Personal Digital Assistants (PDAs) and rather inexpensively distributed them to the Fire Department Battalion Chiefs. "Because the PDAs (Palm VII's) provide wireless access to the Web from almost anywhere, the Fire Chiefs utilize them to retrieve critical information in real time from the central main-frame system at the Department of Public Safety." Users view details of an active incident, contact a fire engine in the field, perform alpha paging, open fire personnel schedules at the time of shift changes, send messages to the dispatcher, and access important information such as drug interactions and protocol. Mr. Bustichi emphasized that PDAs can be deployed at relatively low cost and without a training program. He cautioned application developers to keep the process simple and user friendly. "If it's too complex, nobody's going to use it," he said.
The Federal Communications Commission (FCC) does not plan to alter its mandate that wireless carriers implement by 1 October the capability for call takers to receive a caller's wireless phone number and location information, according to an FCC spokesperson. CNET News.com reported that nearly every U.S. carrier will not be ready because the software to power this new capability will not have been perfected by then. The preponderance of requests for more time to comply indicates "the technological hurdles involved in pinpointing the location of a cell phone are presenting complex challenges." Despite these many requests, the commission spokesperson said the FCC will continue to evaluate each case individually; however, there is still no plan to push the deadline back. Other than the ability to levy fines, the FCC is basically powerless to do anything. "FCC's mandate is more of a policy statement and does not carry the weight of a law."
According to a report by the National Infrastructure Protection Center (NIPC), two U.S. Senators said the nation's water system, with the rest of America's infrastructures, is lagging because of the federal government's increasing use of stop-gap measures and the lack of larger maintenance projects. At a recent Environment and Public Works Subcommittee hearing, the senators said billions of dollars are needed by federal agencies to upgrade and expand the country's infrastructures. Senator Harry Reid (D-NV) said the U.S. Environmental Protection Agency (EPA) estimated they will need nearly $300 billion over the next 15 years to upgrade and expand the country's infrastructures within their purview including wastewater treatment facilities.
As of 2 August, the scanning and infection of the "Code Red" worm continues to grow at an increasing rate. According to preliminary reports assembled by the NIPC, it appears that the growth has already resulted in the infection of over 244,000 systems within the United States. When scanning the Internet, the worm identifies vulnerable systems and infects these systems by installing a copy of itself. Each newly installed worm joins the others causing the rate of scanning to grow rapidly. Every organization or person who has Windows NT or Windows 2000 systems and the IIS web server software may be vulnerable. The worm can be removed by rebooting an infected system; however, that solution does not guard against infection again in the future. It is still not too late for users who are susceptible to the worm to download the free Microsoft software security patch. Applying the patch will protect users from infection. Users of Windows 95, Windows 98, or Windows Me are not susceptible to infection and do not have to take any action against this worm.
An electronic link providing direct access from one distinctively marked place in a hypertext or hypermedia document to another in the same or a different document.
The U.S. Fire Administration/EMR-ISAC does not endorse the organizations sponsoring linked websites, and does not endorse the views they express or the products/services they offer.
This INFOGRAM may contain copyrighted material that was not specifically authorized by the copyright owner. EMR-ISAC personnel believe this constitutes "fair use" of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond "fair use," you must obtain permission from the copyright owner.
DHS and the FBI encourage recipients of this document to report information concerning suspicious or criminal activity to DHS and/or the FBI. The DHS National Operation Center (NOC) can be reached by telephone at 202-282-9685 or by email at NOC.Fusion@dhs.gov.
The FBI regional phone numbers can be found online at www.fbi.gov/contact/fo/fo.htm
For information affecting the private sector and critical infrastructure, contact the National Infrastructure Coordinating Center (NICC), a sub-element of the NOC. The NICC can be reached by telephone at 202-282-9201 or by email at NICC@dhs.gov.
When available, each report submitted should include the date, time, location, type of activity, number of people and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.
Weekly INFOGRAM's are now available as an RSS Feed. More Information »
Last Reviewed: Historical Document
Happy New Year! Add this resolution to the top of your list: test all home smoke alarms each month - starting today! January 1, 2013 @ 10:04 AM ET
U.S. Fire Administration, 16825 S. Seton Ave., Emmitsburg, MD 21727 | USNG: 18SUJ00529652
(301) 447-1000 Fax: (301) 447-1346 Admissions Fax: (301) 447-1441
