InfoGram

This page may contain links to non-U.S. government websites. What this means to you »

March 1, 2001

NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical infrastructures. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@dhs.gov.

Critical Infrastructures

Critical Infrastructures are those systems and assets-both physical and cyber-so vital to the Nation that their incapacity or destruction would have a debilitating impact on national security, economics, and/or public health and safety. Its tremendous significance to the American people requires even health and safety agencies to determine the critical infrastructures within their organizations. Mr. John Tritak, Director of the Critical Infrastructure Assurance Office, recommends the following minimum steps:

  1. List the services the organization provides for the citizens.
    1. Respond to fire, rescue, and ems?
    2. Respond to hazardous materials and terrorist incidents?
    3. Handle medical emergencies?
    4. Stabilize fires and rescue incidents?
  2. List the information, capabilities, and equipment required by the organization to perform its mission.
    1. Alarm center to receive and dispatch emergency incident calls?
    2. Telephone alarm system with trunk lines, dispatchers, recording devices?
    3. Computer Aided Dispatch computers?
    4. Mapping capabilities?
    5. Stations?
    6. Response training and equipment?
  3. List the critical services the organization provides.
  4. Identify the critical information systems (including cyber) that are part of the service delivery.
  5. Determine the potential points of interruption or failure.
  6. Assess the risks to the systems.
  7. Decide how these risks can be managed.

Computer Incident Response

The Department of Veterans Affairs (VA) serves as a fine example of the outstanding cyber protection benefits derived from the implementation of a Computer Incident Response Capability (CIRC). The Federal Computer Incident Response Center reported that nine months ago the VA established a dedicated and fully functional CIRC, which has achieved the following successes:

  1. Developed a key organizational contacts list used to contact VA computer security administrators nationwide during emergencies.
  2. Developed CIRC operating guidelines and procedures.
  3. Established a 24x7 CIRC hotline with help desk support.
  4. Developed a dedicated CIRC website in conjunction with a secure online database.
  5. Developed a CIRC incident reporting process and online incident reporting system.

Over these nine months, regular monthly reports were issued to include updates on CIRC systems development. Since its inception, the CIRC has issued over 54 security alerts to VA computer security administrators nationwide. Department-wide reporting to the CIRC continues to grow regarding major outbreaks of various viruses.

Power Outages

According to emergency personnel in California, there were no real 911 problems caused by power outages. They indicate the big problem was not having officers available for dispatch. The planning issue for all public health and safety agencies is the lack of power to traffic signals. On multilane roads, particularly heavily traveled routes and intersections near freeways, it is necessary to have traffic control provided if major backups are to be avoided. This ties up an officer per intersection. If a terrorist act eliminated power in an area, nothing would move unless traffic control was provided. At that time traffic control would not be the highest priority for police.

The Cyber Alarm

The risk of cyber complacency exits among the leaders of health and safety given the shortage of resources and the absence of large-scale disruption or elimination of services. A major cyber-vigilante group has not directly targeted health and safety departments. However, any organization with a modem is vulnerable to the mischievous and criminally malevolent. Urban power grids and police 911 systems are exceptionally easy targets for hackers, according to San Francisco computer security expert Richard Power, who adds that the cyberspace highways are not nearly as safe as our national roadways. Twenty-four federal agencies have suffered serious incursions from a 16 year-old hacker. Moreover, many computer security experts predict the rise of a new generation of computer savvy terrorists with very disastrous results. At minimum, one expert urges health and safety leaders to set the example of awareness and personal responsibility when using department computers.

Disclaimer of Endorsement

The U.S. Fire Administration/EMR-ISAC does not endorse the organizations sponsoring linked websites, and does not endorse the views they express or the products/services they offer.

Fair Use Notice

This INFOGRAM may contain copyrighted material that was not specifically authorized by the copyright owner. EMR-ISAC personnel believe this constitutes "fair use" of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond "fair use," you must obtain permission from the copyright owner.

Reporting Notice

DHS and the FBI encourage recipients of this document to report information concerning suspicious or criminal activity to DHS and/or the FBI. The DHS National Operation Center (NOC) can be reached by telephone at 202-282-9685 or by email at NOC.Fusion@dhs.gov.

The FBI regional phone numbers can be found online at www.fbi.gov/contact/fo/fo.htm

For information affecting the private sector and critical infrastructure, contact the National Infrastructure Coordinating Center (NICC), a sub-element of the NOC. The NICC can be reached by telephone at 202-282-9201 or by email at NICC@dhs.gov.

When available, each report submitted should include the date, time, location, type of activity, number of people and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.

RSS FeedWeekly INFOGRAM's are now available as an RSS Feed. More Information »