InfoGram

November 29, 2001

NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical infrastructures. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@dhs.gov.

Deciding What To Protect

Federal government officials recently predicted an increase in attacks against critical infrastructures during calendar year 2002. Pointing to a probable rise in deliberate attacks, they warned that all levels of American government and the private sector should proactively prepare for attacks by foreign and domestic terrorists. Security analysts from several private corporations concur with this federal government forecast and the warning to prepare.

The prediction of more terrorist incidents next year is obviously not good news for the nation and its emergency first response community. It is a well known fact that fire and EMS senior leaders are already grappling with tight budgets and limited resources. Protecting critical infrastructures as advised can be somewhat complex and costly, and potentially create havoc with the department's budget.

It is the reality of all departments that everything cannot be protected. Indeed, everything may not need security measures. To avoid the misallocation of scarce dollars and resources, the CIPIC advises that fire and EMS decision makers first determine what really needs protection. To do this effectively, the CIPIC offers a critical infrastructure protection (CIP) process. This process is a time efficient, resource restrained, and user friendly model to assist leaders in deciding what infrastructures to protect. The application of the CIP process should provide senior leader with confidence regarding what infrastructures require protection now, later, or never.

To learn more about the CIP process, contact the USFA CIPIC using the information seen at the bottom of this InfoGram.

Security Policies

An excellent security policy is the foundation of any security program. Nevertheless, an informal survey revealed that many fire and EMS departments do not have a written security policy. Creating a security policy that supports all of the organization's needs and objectives will be a demanding endeavor. And drafting the initial policy is only the first step.

A security policy should not be a permanent document. It should be an adaptable one that evolves to accommodate changing threats, conditions, circumstances, or operating environments. To be truly excellent, the policy must be continually reviewed, improved, communicated to all personnel, and enforced throughout the organization.

It is appropriate that a CIP program be inserted as a component part of an organization's security policy. Therefore, whether revising an existing policy or preparing a new one, the CIPIC recommends that department leaders consider including a CIP program and the critical infrastructures requiring countermeasures. When completed, all department personnel should be briefed regarding the revised policy and to ensure awareness of actions they can take to bolster applied protective measures.

Working Together

Addressing the lack of interoperability among law enforcers, firefighters, and emergency medical staff, the Maryland state government is planning to install voice and data communications systems that would guarantee communications for these personnel across jurisdictions. The voice system will be activated next year for initial coverage in five jurisdictions of central Maryland. The system will provide capabilities and redundancy to enhance job performance, mutual cooperation, and safety. Although the U.S. Fire Administration cannot endorse nor substantiate any claims made by the manufacturer of this system, it appears that if successful the effort will serve as a fine example of "work together or hang separately."

On the matter of working together, since the events of 11 September, more municipal government officials are conducting regular emergency preparedness meetings with the key community leaders (e.g., police, fire, EMS, emergency management, emergency communications, hospitals, schools, transportation, utilities, social services, Red Cross, etc.). Informal interviews indicate that these meetings occur to review preparedness, exchange ideas on what could be done better, and acquire the support and cooperation of all involved.

The CIPIC advises that such meetings are the ideal forum for decisions regarding what are the critical infrastructures of the municipality, and which ones must be secured in order to preserve continuity of operations and protection of the life and property of citizens.

Personal Infrastructure Protection 102

It is a common understanding that personal problems can potentially diminish job performance. Therefore, it is not unreasonable or unethical for leaders to be concerned about the personal well-being of subordinates. As a result, more leaders in the public and private sectors are providing quality information to their personnel about personal infrastructure protection. To assist the leadership of the fire and emergency medical services, the CIPIC offers the following as a follow-on to Personal Infrastructure Protection 101, seen in the 9 August InfoGram:

• Guard your Social Security Number and give it only when absolutely necessary.
• Ask how it will be used to ensure you agree before giving any personal information.
• Read all billing statements with great care to discover any discrepancies.
• Keep minimal personal information and only one credit card in your wallet.
• Maintain control over receipts, especially those from credit card purchases.
• Completely tear or shred paperwork with personal information before disposal.
• Consider installation of a locked mailbox to deter mail theft.
• Deposit correspondence containing personal checks in an official USPS mailbox.
• Arrange to acquire new check books at the bank and not through the mail.
• Examine your credit reports no less than annually.