InfoGram
June 21, 2001
NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical infrastructures. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@dhs.gov.
Critical Infrastructure Protection Awareness Program
Fire and emergency service departments can initiate an effective Critical Infrastructure Protection (CIP) awareness program for their senior leaders by taking the following actions developed at the USFA CIPIC in consultation with other CIP and security managers:
- Obtain the support of all personnel in key department leadership positions and orient the awareness program to these individuals.
- Firmly establish the relationship between the organization's mission and the CIP awareness effort.
- Develop a mixture of dynamic briefings and awareness actions regarding both the physical and cyber systems relevant to the department's mission.
- Begin the program with discussions about "why" CIP is necessary.
- Focus subsequent program instruction on "how" to perform CIP. (Recommend the CIP Process prepared by the USFA CIPIC.)
- Follow up by periodically reinforcing awareness with new national trends, methods, and conditions in CIP.
Vulnerability Advisory
The National Infrastructure Protection Center (NIPC) and the Federal Computer Incident Response Center (FedCIRC) jointly issued a 19 June advisory that hackers can remotely gain System Level Access (root) on any computer running Microsoft's Internet Information Services (IIS) web server software. The NIPC and FedCIRC consider this to be a significant threat due to the large installed base of IIS users, the potential for remote compromise, and the level of access granted by this vulnerability. System-level access gives a user full access to the server: the ability to install malicious code, run programs, reconfigure the system, and add, change, or delete files. The vulnerability is in the Internet services application programming interface (ISAPI) extension that is used to manage indexing services and custom searches. An attacker who successfully establishes a connection with an IIS web server could introduce malicious code by exploiting a buffer overflow vulnerability. Microsoft strongly recommends that all web server administrators mitigate this vulnerability immediately by applying the following patch: http://www.microsoft.com/technet/security/bulletin/MS01-003.asp
Oil, Gas, and Electricity Infrastructure Protection
Drilling for oil may seem protected from computer attacks, but nearly all aspects of the energy business are as dependent as any other sector on the Internet and computers to carry out routine operations, U.S. officials said. "Oil refineries, gas pipelines, power plants, and the electric transmission grid are all critical infrastructures vulnerable to cyber attacks." In the June issue of the Oil and Gas Journal, U.S. officials said they are working hard to make the Internet and government Web pages less open to electronic threats, regardless of whether they come from domestic or foreign sources. State and local governments should be petitioned to do the same so as to protect critical infrastructures that emergency first responders require for successful rescue operations.
Wireless Devices Susceptible to Hackers
The wireless phone giant, NTT DoCoMo, warned its 24 million mobile Internet service subscribers that viruses and malicious electronic mail could be heading to their phones. If opened, the email will dial an emergency number, make calls to large numbers of people, or crash the consumer's cell phone. CNET News experts said this warning is another sign that hackers are turning their attention to wireless devices. An increasing number of phones can download software, which is one way of introducing a virus. Such phones are easy prey because currently there is no efficient anti-virus protection on the market for them. NIPC researchers indicate that viruses and malicious email will soon become a way of life for users of mobile phones, Palm devices (PDAs), wireless computers, etc.
Combating Cybercrime
Michael Chertoff, a newly confirmed assistant attorney at the U.S. Justice Department, told the House Judiciary Committee's Subcommittee on Crime that U.S. law enforcers need more resources to combat cybercrime and better laws to simplify the tracing of suspects over the Internet. He also testified that tougher penalties "commensurate with the harm caused" are required to adequately reflect the impact of crimes. Mr. Chertoff additionally said more money is desired so that the Justice Department has adequate resources to hire, equip, and train investigators and can work effectively to combat cybercrime. The subcommittee hearings are expected to serve as a springboard for new crime legislation, according to Patrick Thibodeau of Computerworld. The Justice Department, said Mr. Chertoff, is requesting changes in the procedural laws that would clarify the laws used to trace telephone calls so that they can also apply to electronic mail and telephony.
USFACIPC Weekly Lexicon: Denial of Service (DOS)
(adapted from the Critical Infrastructure Glossary of Terms by the Critical Infrastructure Assurance Office)
Any action or attack that prevents the use of a resource. DOS occurs when a piece of hardware or a website is inundated with requests. From a user perspective, it usually appears as a "page cannot be displayed" error.