InfoGram
November 15, 2001
NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical infrastructures. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@dhs.gov.
Establishing a Department CIP Program
The dreadful attacks of 11 September should provide all fire and emergency medical service departments with enough justification to immediately implement a critical infrastructure protection (CIP) program. Remember, the purpose of CIP is to protect the critical physical and cyber systems upon which survivability and mission accomplishment depend. However, if the threat of terrorism itself does not motivate action, then recall that the CIP process also mitigates or eliminates the devastation of fire and EMS critical assets caused by nature and HazMat accidents.
The USFA CIPIC will provide assistance (via telephone, electronic mail, or facsimile) to any department that desires to establish a CIP program. With or without CIPIC consultation, department leaders can initiate the following actions to protect their critical infrastructures from deliberate, natural, or accidental attacks:
- Win support of the department leadership and orient the CIP program to them.
- Establish the relationship between the organization's mission and the purpose of CIP.
- Brief all personnel regarding the necessary connection between CIP and mission.
- Focus the program on the practice of the CIP process.
- Practice operations security (protecting sensitive information) concurrently with CIP.
- Remain vigilant for threat advisories and new CIP trends, methods, and conditions.
Fire and EMS Critical Infrastructures
Depending on how it is used, the term "critical infrastructures" can be confusing. Any attempt to reduce the mystery should begin with the fact that critical infrastructures are those physical and cyber assets essential for mission accomplishment. For further clarification, they are the people, things, or systems that will seriously degrade or prevent survivability and mission success if not intact and operational. Although there are many similarities, the differences in physical and cyber systems among individual departments necessitate that senior leaders identify their own critical infrastructures.
Some examples of the critical infrastructures common among fire and emergency medical service departments are:
- Firefighters and Emergency Medical Service personnel.
- Fire and EMS stations, apparatus, and communications.
- Public Safety Answering Points (or 9-1-1 Centers).
- Computer-aided dispatch and computer networks.
- Pumping stations and water reservoirs for major urban areas.
- Major roads and highways serving large population areas.
- Bridges and tunnels serving large population areas.
Protecting Critical Infrastructures
The critical infrastructures listed above were selected because their daily status will directly affect whether or not a fire or EMS department can successfully perform assigned missions. If department leaders follow the CIP process and determine any one of these examples to be threatened and vulnerable, then they should not accept risk. As necessary, they should seek local government assistance to apply protective measures as soon as possible.
Numerous critical infrastructures only indirectly influence the assets required for fire and EMS survivability and mission preparedness. These infrastructures have more direct consequence for other sectors of the nation, despite the fact that an incident at any one of them elicits action by emergency first responders.
The following are some examples of critical infrastructures having less impact on fire and EMS mission readiness and more influence on the functioning of other sectors of the nation:
- Telecommunications facilities.
- Electrical and nuclear power plants.
- Crude and refined petroleum pipelines.
- Oil and gas holding, refining, and processing facilities.
- Aviation, rail, and ship conduits and support systems.
- Water dams, pipelines, and filtration systems.
More About Operations Security
Last week's InfoGram stated that Operations Security (OPSEC) and Critical Infrastructure Protection (CIP) are closely related. As a reminder, OPSEC is about protecting sensitive "unclassified" information that can be exploited by adversaries to disrupt operations and cause catastrophic events. OPSEC intends to deny our enemies any sensitive information that will assist their efforts to identify vulnerable targets and plan future attacks.
Those who desire to destroy our nation will frequently attempt to influence a person into divulging sensitive information, granting unauthorized access to facilities, and permitting unauthorized use of information systems. These individuals are skillful at employing deception to persuade people to relinquish information or access they normally would not have provided. They usually pretend to be someone they are not and will appeal to a victim's sympathy or ego by challenging the person's knowledge. Frequently, they will pose as someone in authority and demand information by way of intimidation. These deceitful characters capitalize on our human nature to be helpful and trusting, even naive. In our efforts to be pleasant and cooperative, we often unwittingly disclose sensitive information and allow inappropriate access.
The fire and emergency medical services do have and use information which should be considered sensitive and for official use only. The following are some examples of information and access that should be actively restricted to only those who have the official need to know:
- The numbers and positions of personnel.
- The numbers and types of apparatus including equipment.
- The numbers and types of communications assets including channels and frequencies.
- Existing policies and standard operating procedures.
- Existing department shortcomings or weaknesses.
- Future upgrades in personnel, apparatus, and systems.
USFACIPC Weekly Lexicon: Protocols
(adapted from the Critical Infrastructure Glossary of Terms by the Critical Infrastructure Assurance Office)
A set of rules and formats that are the agreed-upon methods of communication used by computers. A specification that describes the procedures that products should follow to perform activities on a network, such as transmitting data.