InfoGram
August 16, 2001
NOTE: This InfoGram will be distributed weekly to provide members of the
emergency services sector with news and information concerning the protection of
their critical information systems. For further information please contact the
U.S. Fire Administration's Critical Infrastructure Protection Information Center
at (301) 447-1325 or email at usfacipc@fema.gov.
Accident Planning
Firefighters performed excellently during the train tunnel fire in Baltimore last month. But the incident provides some important reminders for all communities and their fire departments. Does the community have a comprehensive accident plan as required by the Federal Emergency Preparedness and Community Right-to-Know Act of 1986? If so, has it been thoroughly reviewed lately? If the plan is in need of preparation or review, then now is the time to consider critical infrastructure protection. Identifying the infrastructures critical to a community and its emergency first responders is a significant first step in improving preparedness. As plans are authored or revised, decisions can be made on how to first and foremost protect the critical infrastructures so as to avoid their degradation or loss (e.g., the loss of the tunnel for several days). Such preventive measures - if and where truly necessary - are the salient components of a quality emergency preparedness program. It is also helpful to know that federal grants are available for municipalities to improve their emergency preparedness. For example, the U.S. Department of Transportation has over $12 million in grant money available specifically for chemical accident planning.
Power Grids Vulnerable
No utility has blamed computer hackers for a power disruption. But two trends may soon change that according to utility experts. Deregulation of the energy industry resulted in formation of numerous online energy trading networks with sales of electricity done over the Internet. Hackers could access these less secure trading networks and potentially disrupt power transfers. The experts also warn that increasing links between computers controlling the grids and those used for administration, Internet email, or Web surfing make hacker-induced blackouts likely. A Los Angeles Times staff writer, Charles Piller, wrote that once inside a power-control network, hackers might find diagrams of switches and power supplies that could enable widespread sabotage. "You can black out whole cities," said Anjan Bose, a power-grid expert and Dean of the College of Engineering and Architecture at Washington State University. Other specialists said hackers could cause physical damage to generating plants or other energy-industry facilities. Utilities historically maintained security of their power supply by isolating and strictly controlling access to computers used to monitor and manage power flow. Increasingly, however, administrative and supervisory computers are linked for efficiency. Security officials normally use computer firewalls to protect their grid-control systems, but hackers have been able to defeat most firewalls. Many utility experts still see the primary threat to the power system as the same forces that have haunted cyberspace for years: "disgruntled employees, corporate spies, and teens testing their limits."
Wireless Internet Networks Caution
Electronic mail and Web browsing can be easily intercepted when plugging laptop computers into Wireless Internet Networks at hotels, airports, etc. Computer security experts warn that these new networks are not protected by encryption and are vulnerable to hackers. It can also be said that connecting to these networks is like connecting with anyone who has been there before. "When you sit in an airport and use your laptop you might as well be broadcasting to anyone within the listening distance," said Mr. Jason Sewell, a digital forensics specialist at Predictive Systems.
PDA Infection Vulnerabilities
Personal Digital Assistants (PDAs) such as Palm VIIs or Blackberries are used far less than standard computers. Nevertheless, it is important to know about the vulnerabilities of these devices, which are becoming increasingly commonplace among fire and emergency service personnel. The relatively limited capability of current PDAs provides some protection from viruses. However, this does not mean PDAs are immune to infection. In fact, there have already been viruses and Trojan programs designed to attack the Palm operating system. For example, "Liberty Crack" is a Trojan program aimed at PDAs that transfers from a host computer during synchronization. When "Liberty Crack" activates, it attempts to delete applications from the PDA and reboot. "Vapor" is another Trojan program that causes icons to disappear from PDA screens as if deleted, though in reality they are not. PDA downloading of viruses and subsequent infections are expected to increase, but users can protect their devices by following rules that already apply to their desktops and laptops. Fortunately, vendors are now beginning to release antivirus software specifically for PDAs.
Cellular Telephone Service Disruption
The Associated Press reported that a cellular telephone outage in the Washington, DC area interrupted service for thousands of customers for more than eight hours on 9 August. The problem began after a power failure at a switching station. Officials from Cingular Wireless Inc. said the initial outage was heat related. Additionally, a spokesman for the Potomac Electric Power Company stated there was an undetermined problem with a cable connector on a transformer. Frequent disruptions to the cyber systems and telephony, as in this case, reinforce the benefits of redundancy in communication systems among emergency first responders. Given that the various mediums of communication are critical to mission success, provisions must be in place to protect that redundancy from degradation or loss. It is prudent, therefore, to include the protection of this redundancy as part of a department's written security plans and policies.
USFACIPC Weekly Lexicon: Host
(adapted from the Critical Infrastructure Glossary of Terms by the Critical Infrastructure Assurance Office)
A single controlling computer or work station that is connected to a network of computers or printers.