InfoGram

June 14, 2001

NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical infrastructures. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@dhs.gov.

Security Engineering Practices

Gleaned from twenty years of managing security in government and commercial enterprises, Mr. David Thompson offered his best security engineering practices in a recent eWeek article. They are amended as follows for the consideration of the fire and emergency sector:

Federal Reorganization of Critical Infrastructure Protection

The Federal Computer Week reported that White House officials have been working for months on ways to reorganize the government's initiatives for protecting the information systems supporting the nation's critical infrastructure. The new Bush plan, expected later this month, will create a board with members from the various critical infrastructure protection (CIP) sectors to coordinate policy and provide support for individual agency initiatives. The board's chairperson will report directly to the national security adviser, currently Condoleezza Rice. The board will have several function-specific subcommittees to cover the issues under CIP in depth. Paul Kurtz, the director of transnational threats at the National Security Council, said this will include national security, research and development, training, and physical security as it ties in with cyber security.

9-1-1 Systems Vulnerable to Cyber Attacks

Citing an increasing number of cases, including one in which hackers shut down the 9-1-1 emergency system, law enforcement officials asked Congress for more money and expanded powers to fight cyber crime. The Associated Press reported that an official with the Secret Service, James A. Savage, speaking before the House subcommittee on crime, told of two hackers who recently got free long distance and other services. While they only stole service, they had enough access to the network to shut down telephone service over a large area, including the emergency 9-1-1 system. The vulnerabilities of 9-1-1 systems, in particular, have now reached dangerous levels. Consequently, the Secret Service is being swamped, Mr. Savage told lawmakers, with "desperate pleas" from local police departments for training, assistance, and equipment "on an alarmingly increasing basis."

Energy Vulnerable to Cyber Attacks

The Los Angeles Times reported that during the weekend of 9 June, hackers burrowed into the computer system of the California Independent System Operator (CISO) and attempted to defeat firewalls protecting areas managing the flow of electricity on the grid. "This was very close to being a catastrophic breach," a CISO source stated. Although this and similar incidents have not played a part in the rolling blackouts of April and May, the National Petroleum Council (NPC) warned that the entire U.S. energy industry needed to increase the level of its cyber security to prevent future and potentially more damaging hacker attacks. The NPC, an industry group formed to advise the federal government on energy matters, warned that energy companies, having been accustomed to dealing with the threat of an explosion, either accidental or intentional, are not adequately prepared for an attack from cyberspace, even though the industry has become increasingly reliant on computers. The concept of cyberterrorism aimed at the energy infrastructure, plus the worst-case scenarios developed in the days prior to the arrival of Y2K, have led to concerns of hackers shutting down power plants, transmission lines, pipelines, and refineries. The NPC advised energy companies, as well as various municipalities and other government entities, to update their capabilities and work more closely in responding to problems.

Wireless Viruses

Though there have only been twelve viruses specifically targeting wireless handheld devices like mobile phones and personal digital assistants (PDAs), the next year or two is likely to see an explosion of viruses for these platforms, said Mr. Bob Hansmann, enterprise product manager for Trend Micro Inc. This is an ominous prediction for the many fire and emergency service departments already using wireless information devices. Virus writers always attack the systems that are popular and accessible, Hansmann said, noting that the explosion in mobile devices with wireless access such as cell phones and Palm OS or Pocket PC PDAs will in turn bring new viruses. People are going to write viruses for the devices they have access to and information about, he said, and as these systems increase in popularity, that is what they are going to write viruses for. Standard security on the Palm and Pocket PC platforms consists of password-based authentication and little else. Those very PDAs represent one of the largest and most ignored security holes in the cyber realm. As a result of this weak link, many security managers have been reluctant to deploy PDAs on a large scale. However, the news is not all doom and gloom as steps are being taken to fight the spread of wireless viruses. The biggest names in the industry are already discussing adding anti-virus software to their wireless gateways.

USFACIPC Weekly Lexicon: Countermeasure

(adapted from the Critical Infrastructure Glossary of Terms by the Critical Infrastructure Assurance Office)

Any action, device, procedure, technique, or other measure that minimizes the security vulnerability or weakness of a system.

Disclaimer of Endorsement

The U.S. Fire Administration/EMR-ISAC does not endorse the organizations sponsoring linked websites, and does not endorse the views they express or the products/services they offer.

Fair Use Notice

This INFOGRAM may contain copyrighted material that was not specifically authorized by the copyright owner. EMR-ISAC personnel believe this constitutes "fair use" of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond "fair use," you must obtain permission from the copyright owner.

Reporting Notice

DHS and the FBI encourage recipients of this document to report information concerning suspicious or criminal activity to DHS and/or the FBI. The DHS National Operation Center (NOC) can be reached by telephone at 202-282-9685 or by email at NOC.Fusion@dhs.gov.

The FBI regional phone numbers can be found online at www.fbi.gov/contact/fo/fo.htm

For information affecting the private sector and critical infrastructure, contact the National Infrastructure Coordinating Center (NICC), a sub-element of the NOC. The NICC can be reached by telephone at 202-282-9201 or by email at NICC@dhs.gov.

When available, each report submitted should include the date, time, location, type of activity, number of people and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.
