InfoGram
September 20, 2001
NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical infrastructures. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@dhs.gov.
Critical Infrastructures Threatened
Last week's InfoGram had the sad duty to report on the degradation of New York City Fire Department (FDNY) critical infrastructures caused by the terrorist attacks on the World Trade Center (WTC) towers. It explained that critical infrastructures are those people, things, or systems that, if not intact and operational, will seriously degrade or prevent fire suppression operations and rescue missions. In the case of FDNY, the critical infrastructures referred to here are the many firefighters and their equipment lost in the collapse of both WTC towers. Identifying a department's critical infrastructures is an important first step in proactively planning for their protection. The second step in a protection process is determining whether any of a department's critical infrastructures are threatened and by whom or what. Threats come from attacks by people and nature on physical and cyber systems, as well as from hazardous material accidents. For example, on 19 September, the FBI announced that suspected terrorists may attempt to steal fire trucks and EMS vehicles for use in "car-bomb" attacks across the United States. As those trucks are part of an organization's critical infrastructures, fire and emergency service leaders must consider whether their vehicles are adequately secured or require additional protection. Because this is a real threat advisory, community leaders are cautioned to give this matter appropriate attention.
Utilities Vulnerable
According to the Associated Press, within hours of the recent terrorist attacks, the federal government ordered increased security for America's energy systems - "the things that keep this country running." Numerous members of Congress expressed concern that nuclear plants, power lines, hydroelectric dams, water supplies, and oil and gas pipelines are too vulnerable. While there have been no specific threats against these critical infrastructures, events of 11 September prompted energy companies across the country to scramble to increase protection. The heightened security is likely to remain for some time and could, said some industry officials, have permanent effects. New security measures - such as more extensive monitoring of pipelines, water supplies, or more guards at power plants - will be expensive and mean higher energy costs for consumers. Peter Beering, a terrorism preparedness coordinator, called water the "quintessential target" because it has been targeted for centuries in real conflict and on film. "People typically do not become emotionally attached to their electric service, natural gas, or telephone, but they do get very physically attached to the water they consume." Therefore, interruption of running water or actual contamination of the water supply is probably the most significant infrastructure loss. Fires cannot be extinguished and hospitals cannot operate without life-saving water. Water industry executives and municipal leaders need to ensure aggressive steps are taken to improve security of water supplies and pumping stations.
Terrorism Studies Online
The National Academies have put many of their reports regarding security and terrorism on their website. Some of these reports from the four academies in this organization are relevant to the fire and emergency services: Blast Mitigation for Structures, Protection of Federal Office Buildings, Improving Civilian Medical Response to Terrorism, Protecting Buildings from Bomb Damage, and more. Each can be read in its entirety at the following site: www.nap.edu/terror/index.html.
Cyber Awareness Advisory
The National Infrastructure Protection Center (NIPC) expects to see an increase in cyber-related incidents as a result of the tragic events of 11 September. NIPC believes the new wave of attacks will take the form of political hacktivism and virus propagation. To limit the potential damage from any cyber attacks, NIPC advises that system administrators follow best practices to ensure the security of their networks. Some of the most basic measures are outlined below as a courteous reminder for those administering the networks of emergency first responders:
- Increase user awareness of the "do's and don'ts."
- Update antivirus software at least weekly.
- Stop hostile attachments at the email server.
- Utilize ingress and egress filtering.
- Establish policy and procedures for response and recovery from a cyber attack.
9-1-1 Continuing Saga
Dramatic reports of cellular calls from doomed aircraft and damaged buildings focused new attention on the impending federal deadline for the nation's wireless companies to provide the location of 9-1-1 callers. The wireless industry has only a few days remaining until 1 October to have the "enhanced 9-1-1" fully operational. However, the major carriers including AT&T, Sprint, and Verizon told the Federal Communications Commission (FCC) they cannot implement the new service as directed because the necessary technology is not yet perfected. Even if available on 11 September, it is uncertain whether the capability would have helped rescuers locate survivors in the rubble. FCC rules require companies to fix the location of a caller within 100 meters and not just a couple of feet. Thomas Noonan, CEO of Internet Security Systems, has experienced a different 9-1-1 related problem. He reported that police officers come to his home at least once a week in response to "calls" by hackers who break into the 9-1-1 system. "This means the 9-1-1 system, a decentralized but critical part of the emergency infrastructure, needs a major network security overhaul." The vulnerability of 9-1-1 systems to hackers has been a continuing problem for several years.
The "Nimda" Worm
The National Infrastructure Protection Center (NIPC) reported that a new worm, named W32.Nimda.A@MM, is propagating extensively through the Internet worldwide. The worm exhibits many traits of recently successful malicious code attacks such as CODE RED, but it is not just another version of that worm. "Nimda" threatens Microsoft Internet Information Services on Windows 2000 and NT web servers and also individual users running Microsoft Outlook or Outlook Express for their mail service on any Windows platform. Preliminary analysis indicates that once a server is infected it will begin to scan for more vulnerable systems on the local network, which may result in a denial of service for that network. In the case of infected workstations as well as servers, the worm also makes the entire contents of the local primary hard drive available over the network. NIPC believes that an additional user is added with administrative rights. A computer can become infected through a variety of means ranging from simply viewing an infected web page using a browser with no security enabled to opening a malicious email attachment. Use the information at the bottom of this InfoGram to contact the NIPC for assistance if you have been infected with this new malicious worm.
Consumer Protection Warning
Help to stop greater national traumatization caused by the terrorist attacks of 11 September. Get the word out to your Internet users about scam artists trying to take advantage of the horrifying events of last week. SPAM solicitations have urged citizens to donate money to the Red Cross or other relief organizations. However, the messages direct potential donors to private websites apparently designed to steal credit card numbers. Another scam urges consumers to buy a commemorative phone card with images of New York City, promising to donate 10% of the sale proceeds to victims of the recent attacks. These and similar scams are increasing and can only result in more grief for emergency first responders.
USFACIPC Weekly Lexicon: Malicious Program
(adapted from the Critical Infrastructure Glossary of Terms by the Critical Infrastructure Assurance Office)
A source code or set of instructions incorporated into an application that directs an Information System to perform an unauthorized and destructive action on a computer.
Last Reviewed: Historical Document