InfoGram
May 24, 2001
NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical infrastructures. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@dhs.gov.
Common Security Flaws
A computer crimes investigator, Jim Williams, said he sees evidence that the downturn in the economy may have led to cutbacks in cyber security. To reduce protection of cyber-based systems at a time of greatly increased attacks on those systems would be a big mistake, according to Mr. Williams. As a means to promote awareness and discourage any cutbacks, he cited the following hidden security traps:
- Excessive dependence on firewalls or other products without monitoring the network for intrusions.
- Network administrators pulling double duty as security managers when they do not have either the time or the skills.
- The lack of department or organization cyber security training for all involved personnel.
- Overlooking security on telephone switches, voice mail, and modem banks.
Another New Wave of Attacks
United Press International reported that according to a 21 May foreign affairs letter, Chinese hackers are preparing a new wave of attacks against U.S. cyber systems for late May and June. This next round of cyber attacks is expected to move beyond the relatively benign defacements seen earlier this month. The "Red Hacker's" organization in the People's Republic of China announced that they plan to install "a variety of viruses, worms, automatic bombs, and cookies in their future attacks on American cyber systems." "Being forewarned is being forearmed." Fire and emergency services departments should check the health of their cyber systems (e.g., 911, CAD, radio, PC's, LAN's, etc.) and maintain accountability, awareness, and vigilance to avoid degradation of their operational effectiveness.
Staying Computer Security Healthy
Data collected by the research firm, Computer Economics, indicates that computer viruses have caused over $6.7 billion in damage since January 1, 2001. Considering the extent of this devastation and the potential for increased cyber attacks by more sophisticated electronic criminals, it would be prudent for the emergency first response community to check out the virus information libraries compiled by the security gurus of the major antivirus software vendors. While actual computer viruses can destroy computers, virus scares can also cause disruption, as employees send out panicked alerts about nonexistent bugs, according to Deirdre Lanning of ECompany. To maintain computer security health, she recommends using available glossaries to help decipher the technical jargon often found in computer virus alerts and lists of the most recent virus discoveries. Those emergency service departments that are particularly vulnerable can sign up for a free newsletter published by the major antivirus software vendors.
Infrastructure Versus Reliability
Industry figures like to refer to the cyber systems medium as an "infrastructure." But before it can be considered as reliable as that word connotes, cyber systems protection has far to go, said Vint Cerf, the WorldCom senior vice president. In a recent interview, Mr. Cerf said it is very important to know that when something becomes an "infrastructure," people rely on it. "We use the term 'infrastructure' pretty lightly these days," he said. "When something becomes infrastructure, you don't think about it at all until it doesn't work." Referring to cyber systems as infrastructure, Mr. Cerf said, is of no use whatsoever unless the systems actually work. Cerf also said that the federal government's interest in critical infrastructure protection is a sure sign that cyber systems are on the way to being seen as an infrastructure, as essential to the American public as the telephone system and the power grid. He added, however, that as long as cyber systems remain subject to malicious attacks, "we are facing a very fragile future." In a related interview, John Sopko, acting chief of the Commerce Department's National Telecommunications and Information Administration, said that the Bush administration's commitment to critical infrastructure protection is paramount. Mr. Sopko said that infrastructure protection means protecting the economy as a whole in the 21st century.
Water Supply
California health officials published an advisory on 16 May directing the operators of the state's water systems to prepare for the definite rolling blackouts throughout the summer months. The Department of Health Services told the nearly 9,000 public water agencies in California that they should have backup electrical power and emergency sources of water as soon as possible. Water is one of several sectors that have been seeking exemptions from rolling blackouts because they provide vital services. The Health Services advisory followed a warning issued by the Association of California Water Agencies urging water systems be exempt from electrical power outages because they are essential to public health and safety. As rolling blackouts have already been predicted for various metropolitan areas of the nation, this certainly seems to be an important issue for many areas outside of California.
Electrical Power
California state utilities regulators announced on 21 May that they will exempt individual businesses from rolling blackouts this summer if the customers can prove the outages would present "a significant danger to public health and safety." Hundreds of nursing homes, organ donor labs, outpatient health clinics, water agencies, etc., are expected to apply. Although the deadline for all applications is 1 June, the utilities commission does not expect to finish its review of the applications until 2 August. Even though blackouts have already begun in California, the Public Utilities Commissioner said his commission will not be done before then because "this is a serious exercise aimed at protecting the well-being of the people in California and they can approve only a limited number of applications."
USFACIPC Weekly Lexicon: Compromise
(adapted from the Critical Infrastructure Glossary of Terms by the Critical Infrastructure Assurance Office)
An intrusion of established security policy and procedures, which has the potential of disclosing the department's critical cyber systems information to an unauthorized user.