InfoGram

August 23, 2001

NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical information systems. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@fema.gov.

Emergency Service Infrastructure

According to a recent study by the Los Angeles Times, the hospitals in the nation's larger cities and suburbs are turning away ambulances at increasing frequency. America's dwindling capacity for emergency care is being outstripped by the ballooning demand for it. Emergency rooms are declaring themselves overwhelmed and are shutting their doors to ambulances in shocking numbers. Hospitals are so full that emergency room doctors cannot find room for patients who need to be admitted. Too often high occupancy rates force patients into hallway beds for days at a time. This dangerous reality directly threatens almost anybody who suddenly becomes ill or sustains a traumatic injury. However, when the capacity is not there it also affects the mission of emergency service responders. Assuming there are alternative treatment facilities, ambulance diversions are time consuming and potentially life threatening. This deplorable situation will ultimately worsen if a locality experiences an incident of mass victimization as was just rehearsed at a major U.S. city. With a small surge capacity, the few local hospitals could not accommodate more than 25 victims each. There is a lesson here for leaders of municipal governments, hospitals, police, fire, and emergency medical services to consider present and future emergency room capabilities and to plan accordingly.

Wireless Technology

An ambitious wireless trial is ongoing in Florida to allow public safety personnel to send color video wirelessly to vehicles in the field and to conduct wireless videoconferencing, complete with voice and data. Seven fire, police, and emergency medical service vehicles in Pinellas County have been equipped with color, touch-screen panels the size of a laptop computer. When the screens are fully functioning, personnel in vehicles can receive wireless video streams showing a school shooting just videotaped or the building plans with locations of hydrants and exits. Dispatchers could talk to crews in vehicles using wireless videoconferencing, supplemented by data if needed. 'With all the worries about bombings, we have a database with maps of schools and public buildings. Imagine how useful it would be to zap that map to units responding to a school to show exits and fire hydrants,' said Marianne Pasha of the Pinellas County Sheriff's Office. This trial warrants the attention fire and emergency service leaders who are planning to upgrade their equipment and improve capabilities.

Protecting Wireless Applications

Given that more fire and emergency service departments are considering and using them, it may be helpful to review what the security experts recommend for well-protected wireless applications as reported in the Federal Computer Week:

• Access controls embedded in the wireless device itself.
• Encryption of data stored on the wireless device.
• Encryption of data before it is sent through the airwaves.
• Key encryption of data (128 bit minimum) traveling through the airwaves.
• Firewalls at the access point between the wired and wireless.
• Operating system and application level password protection.
• Intrusion detection system to monitor signs of unauthorized traffic.

New Cyber Attack Trends

A report by the National Infrastructure Protection Center (NIPC) indicated an increasing sophistication of attacks utilizing malicious code. This maturing of malicious software (malware) creates an opportunity for new types of attacks that take advantage of previously compromised hosts, which further necessitates the need for periodic updating of antivirus software and vendor patches. Observers of the computer security environment noted the rise in crafty social engineering methods used by malware to dupe victims. Also noted is the appearance of new capabilities in malicious code. The speed with which worms can propagate across the Internet makes them ideal delivery mechanisms for setting up a network of clients that can be later exploited to launch denial of service or other types of attacks. In the near future, worms can be expected to grow in multiple directions. They may become stealthier, contain more destructive payloads, and become more lethal to computer systems. Considering this rapidly evolving cyber threat environment, it is imperative that fire and emergency service sector leaders responsible for critical infrastructure protection adopt policies assuring that information security practices are implemented throughout their departments.

Network Security Reminders

From an article in the Chicago Tribune, Scott Tompkins presented the following ten reminders to protect cyber networks from security breaches:

• Do not think you cannot be hacked.
• Complete a department security assessment.
• Review organizational policies and procedures and how they are implemented.
• Ensure all personnel are fully aware of security policies and procedures.
• Guarantee the implementation of strict password rules.
• Test firewalls periodically to assure they are totally functional.
• Initiate intrusion detection tools and processes.
• Secure access to telephone networks and web access points.
• Perform security audits on a regular basis.
• Acquire insurance coverage in event of losses from security breaches.

USFACIPC Weekly Lexicon: Infrastructure

The framework of interdependent networks and systems comprising identifiable industries, institutions, and distribution capabilities which provide a reliable flow of products and services essential to the defense and economic security of the United States.