September 6, 2001
NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical infrastructures. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@dhs.gov.
Federal Communications Commission (FCC) wireless 9-1-1 rules aim to provide emergency services personnel with location information enabling them to find and assist wireless 9-1-1 callers. Under those rules, wireless carriers are required to implement this enhanced service beginning 1 October 2001. Any deviation from the rules requires a waiver. So far, several wireless carriers have filed requests for waivers according to the National Emergency Number Association (NENA). "These petitions are based largely upon individual company analysis and testing of available technology, in different settings, the results of which are just now being disclosed." However, in August, the FCC received a letter signed by numerous members of the House of Representatives urging the Commission to make the rapid deployment of enhanced 9-1-1 services a high priority and to hold firm on the schedule it established. The letter expressed concern that the coordination of effort may be hindered by the use of the FCC's waiver process as a delay tactic rather than for legitimate purposes. The Congressmen wrote that waivers may have a negative effect on the willingness of other industry participants to expend the necessary resources for timely deployment. Their letter also stated "there has been adequate time for wireless carriers and manufacturers to take the necessary steps to meet these long established deadlines. Any further delays in deployment may result in the loss of life."
Despite recent valiant efforts to protect U.S. networks, security experts believe the nation remains highly vulnerable to cyberterrorism because computer-controlled systems are accessible via the Internet. Cyberterrorism is the criminally destructive use of computers, telecommunications, or other cyber/electronic means resulting in physical or psychological distress to targeted governments or civilian populations. The Government Accounting Office (GAO), watchdog agency for Congress, reported recently that "terrorists or hostile foreign states can launch computer-based attacks on U.S. critical infrastructures including communications, transportation, financial markets, water supplies, pipelines, emergency services, and electric power sources." The GAO maintains that cyberterrorists are quickly developing the capability to attack these critical systems to severely damage or disrupt national defense, other critical operations, or to steal sensitive data. While the disruption and/or distortion of data or services are not considered to be a violent act and will not always endanger a human life, they do present unacceptable risks to complex information dependent societies such as ours. The cyber-based critical infrastructures (e.g., 9-1-1, CAD, radios, computers, networks, etc.) of the fire and emergency medical services will not be immune to cyberattacks. Leaders of the emergency first response community are encouraged to fully consider proactive protection of their critical infrastructures as part of emergency management planning. Critical infrastructure protection is all about preventive measures and is not response oriented.
Radio scanners are becoming obsolete. Many more people use computers to access the growing number of websites that eavesdrop on police, fire, and ambulance transmissions in most larger cities throughout the U.S. This reality necessitates that the emergency first response community consider alternative (encrypted) communications for sensitive rescue operations.
The insidious and debilitating viruses sweeping the worldwide network of computer systems validate the need for fire and emergency medical service departments to be even more meticulous than ever about computer network security. "Computer security must be a priority," said Keith Rhodes, the chief GAO technologist. Mr. Rhodes observed that poor security planning and management are still the rule rather than the exception at all levels of government. He urged federal, state, and local governments to adopt a framework for promptly obtaining and analyzing data on imminent attacks, adding that the attacks surfacing today are far smarter and more threatening than just one year ago. "I believe we are still just witnessing warning shots of potentially much more damaging and devastating attacks on the nations critical infrastructures," Rhodes said. Experts agree that the nation's information and communications systems will be the first target of a deliberately planned and organized cyberattack.
There are some definite customer service concerns about the ongoing convergence of the phone network and Internet. During the last fifteen years, intelligent telephone technology produced convenient features (e.g., call waiting, call forwarding, caller ID, etc.). Although these features work well, they are limited because of controls exercised by the phone company. However, bringing the Internet model to the telephone network removes these limits and allows Internet-based control of telephone switching. The telephone network is quickly becoming a giant networking resource that people outside the telephone network can control and manage. This means that telephone networks that were slow, methodical, and reliable will become as "freewheeling" as the Internet. There are valid security implications to this development. Regardless of the enforcement of encryption and authentication procedures, security advisors insist that systems like this are absolutely "hackable." Though it is true that telephone hacking is not new, the worry is that Internet-based controls of telephone switching open a huge hole into the telephone system rendering it immensely vulnerable to a dramatic increase in public tampering and denial of service actions.
A decentralized, global network of computers linked by the use of common communications protocols. The Internet allows users worldwide to exchange messages, data, and images.
The U.S. Fire Administration/EMR-ISAC does not endorse the organizations sponsoring linked websites, and does not endorse the views they express or the products/services they offer.
This INFOGRAM may contain copyrighted material that was not specifically authorized by the copyright owner. EMR-ISAC personnel believe this constitutes "fair use" of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond "fair use," you must obtain permission from the copyright owner.
DHS and the FBI encourage recipients of this document to report information concerning suspicious or criminal activity to DHS and/or the FBI. The DHS National Operation Center (NOC) can be reached by telephone at 202-282-9685 or by email at NOC.Fusion@dhs.gov.
The FBI regional phone numbers can be found online at www.fbi.gov/contact/fo/fo.htm
For information affecting the private sector and critical infrastructure, contact the National Infrastructure Coordinating Center (NICC), a sub-element of the NOC. The NICC can be reached by telephone at 202-282-9201 or by email at NICC@dhs.gov.
When available, each report submitted should include the date, time, location, type of activity, number of people and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.
Weekly INFOGRAM's are now available as an RSS Feed. More Information »
Last Reviewed: Historical Document
Happy New Year! Add this resolution to the top of your list: test all home smoke alarms each month - starting today! January 1, 2013 @ 10:04 AM ET
U.S. Fire Administration, 16825 S. Seton Ave., Emmitsburg, MD 21727 | USNG: 18SUJ00529652
(301) 447-1000 Fax: (301) 447-1346 Admissions Fax: (301) 447-1441
