May 3, 2001
NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical infrastructures. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@dhs.gov.
Most U.S. citizens are familiar with the ability to contact police, fire, or emergency medical services by dialing 9-1-1. However, the National Infrastructure Protection Center (NIPC) reports that 9-1-1 systems are vulnerable to unintentional or malicious overload. A minor incident may prompt onlookers to dial 9-1-1, flooding the Public Safety Answering Point with repetitive information. Additionally, there have been a number of computer viruses that were designed to automatically and repeatedly dial 9-1-1. 9-1-1 services rely on the telephone network. Failures in this network, a fire in a telephone switching office, and accidental configuration changes have all resulted in temporary degradations of 9-1-1 services in a number of cities. As 9-1-1 and other emergency services communications traverse computers and switches, they continue to be vulnerable to computer and phone hackers. Providing enhanced security measures to protect this critical infrastructure, combined with the development and implementation of back-up procedures, should be a high priority for 9-1-1 planners and those who rely on such services.
A new set of security statistics just released by the Computer Emergency Response Team Coordination Center (CERT/CC) reveal that the number of security incident and vulnerability reports increased during the first quarter of 2001, relative to the numbers for the same period last year. CERT/CC is a government-funded computer security research and development center based at Pittsburgh's Carnegie Mellon University. CERT/CC studies and tracks Internet security risks such as viruses, security holes, and intrusions. Their computer experts indicate that if this pace continues, then 2001 will surpass 2000 as the year with the largest number of security concerns. CERT/CC personnel also allege that these statistics are not surprising and should not be alarming. Instead, they emphasize the need for proactive security measures to protect against the rapidly growing cyber-threat.
The FBI's National Infrastructure Protection Center (NIPC) is warning local governments and businesses to be alert for politically motivated cyber attacks during the period of 30 April to 7 May 2001. This warning came a little late for the Road Department of Oakland County, California, where technicians are still trying to repair their website crashed by Chinese hackers. "A large number of U.S. websites have already been defaced with pro-Chinese or anti-American rhetoric," according to an NIPC expert, who urges network and system administrators to closely monitor their websites and mail servers for attacks that could include web page defacements and denial-of-service attacks.
Despite warnings, local, state, and federal levels of U.S. government are still lax in regards to securing computer systems. "They are leaving their computer infrastructure open to significant risk," witnesses told the House Energy and Commerce subcommittee on Oversight and Investigations. Those agencies that have felt "the sting of public embarrassment" have shown some improvement, said committee chairman Rep. W.J. Tauzin (R-LA). Tauzin cited a report from the Health and Human Services Department inspector general about numerous system control weaknesses that permitted unauthorized access to Health Care Financing Administration data about beneficiaries. Federal investigators are now working on more than 100 cases of intrusion into government systems, said Ronald L. Dick, director of the FBI's National Infrastructure Protection Center. Most agencies with poor systems security have failed to establish agency wide security management frameworks, said Robert F. Dacy, the General Accounting Office's director of information security. To establish such frameworks, he said, local, state, and federal agencies need program managers who understand the most critical and sensitive aspects of their missions as well as technical experts who can suggest control techniques.
The National Resources Defense Council (NRDC) is charging that widespread contamination threatens California's groundwater, a source of drinking water for half the state's population. According to a 100-page NRDC report, the full extent of damage to the groundwater supply is unknown because the state government is failing to comprehensively monitor and assess the level of contaminants in the groundwater. "Groundwater is a natural resource of unparalleled importance to California, but the state's approach to monitoring and protecting it is a jumble of disconnected and often ineffective approaches that leave us dangerously unprepared for the future," said David Beckman, an NRDC senior attorney. The issue of fighting fires with contaminated water as well as the subsequent risk to firefighters was not addressed and will require further study.
Federal energy regulators are pushing California to join other Western states in a regional organization to run the states' power grids. However, California officials insist the federal regulators "want something that will neither cut energy costs nor stave off blackouts." It appears very likely that state officials will go to court rather than join a regional transmission organization. They are objectionable to any action that would limit California's ability to control its power grid by giving more authority to the federal government and other Western states.
A set of computers that are connected and able to exchange data.
The U.S. Fire Administration/EMR-ISAC does not endorse the organizations sponsoring linked websites, and does not endorse the views they express or the products/services they offer.
This INFOGRAM may contain copyrighted material that was not specifically authorized by the copyright owner. EMR-ISAC personnel believe this constitutes "fair use" of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond "fair use," you must obtain permission from the copyright owner.
DHS and the FBI encourage recipients of this document to report information concerning suspicious or criminal activity to DHS and/or the FBI. The DHS National Operation Center (NOC) can be reached by telephone at 202-282-9685 or by email at NOC.Fusion@dhs.gov.
The FBI regional phone numbers can be found online at www.fbi.gov/contact/fo/fo.htm
For information affecting the private sector and critical infrastructure, contact the National Infrastructure Coordinating Center (NICC), a sub-element of the NOC. The NICC can be reached by telephone at 202-282-9201 or by email at NICC@dhs.gov.
When available, each report submitted should include the date, time, location, type of activity, number of people and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.
Weekly INFOGRAM's are now available as an RSS Feed. More Information »
Last Reviewed: Historical Document
Happy New Year! Add this resolution to the top of your list: test all home smoke alarms each month - starting today! January 1, 2013 @ 10:04 AM ET
U.S. Fire Administration, 16825 S. Seton Ave., Emmitsburg, MD 21727 | USNG: 18SUJ00529652
(301) 447-1000 Fax: (301) 447-1346 Admissions Fax: (301) 447-1441
