InfoGram

September 27, 2001

NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical information systems. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at email at usfacipc@dhs.gov.

Critical Infrastructure Vulnerabilities

The 20 September InfoGram continued the explanation of critical infrastructure protection (CIP) by reporting on the second step in the protection process. It initially reviewed that identifying a department's critical infrastructures is the first step in proactively planning for their protection. The same report communicated that the second step is determining if any of a department's critical infrastructures are threatened and by whom or what. Once department leaders confirm there is a deliberate (people), natural (disasters), or accidental (hazardous materials) threat, the CIP process guides the user to a vulnerability analysis of only those critical infrastructures against which a threat exists. This third step (vulnerability analysis) requires a thorough examination of the security weaknesses in the threatened infrastructures. Although usually not under the control or responsibility of fire and EMS departments, Public Safety Answering Points (PSAPs or 9-1-1 communication centers) are an example of a critical infrastructure because emergency first responders depend on PSAPs to perform their fire suppression or rescue missions. Unfortunately, these facilities are frequently threatened by nature and people attacks. Conducting a vulnerability analysis (the third step) typically reveals that PSAPs are especially vulnerable to operational disruption as a consequence of their physical locations, power sources, line routing, internet-based controls of switching, etc. The mitigation or elimination of any weaknesses (vulnerabilities) cannot be accomplished without knowing where they are!

Emergency Services Infrastructure

The attacks of 11 September fully substantiated the need for tremendous federal government support of the fire and emergency services. "When terrorists strike, our fire and EMS people are the first responders," said Representative Curt Weldon, chairman of the House Subcommittee on Readiness. "Emergency first response departments throughout the nation require additional personnel, outstanding equipment, and quality training to efficiently perform their life and property saving missions." Rep. Weldon is pursuing increased federal funding to man, equip, and train fire and EMS departments for situations including nuclear, biological, and chemical weapons. In a related development, the International Association of Fire Chiefs (IAFC) recently announced intentions to ask Congress to establish a new federal program to create 75,000 more firefighter jobs across the United States in 2002, according to Firehouse.com. This attempt to bolster the emergency services infrastructure could cost at least $3.75 billion to fill the new positions based on average salary and benefits calculations. Details about how the program would be funded and administered are still under consideration. "We want to ensure the fire service needs are met," said Chief John Buckman, the IAFC President. "The terrorist attacks on New York City and the Pentagon have highlighted the changing role of America's fire departments, and focused significant attention on the resources which are allocated to support them in their mission."

Critical Infrastructure Information Security Act

Senators Robert Bennett (R-UT) and Jon Kyl (R-AZ), as reported by Newsbytes.com, have unveiled legislation to encourage private businesses to share information with federal government agencies that could help prevent future terrorist attacks. The Critical Infrastructure Information Security Act facilitates a cooperative exchange of information without fear that the information would be disclosed to the general public through the Freedom of Information Act. "With more than 85 percent of critical infrastructure entities owned and operated by the private sector, voluntarily shared information leads to a more focused understanding of threats and empowers government, industry, and private citizens to mitigate risk," Senator Bennett said in a statement. Since some of the critical infrastructures of the fire and emergency services may be privately owned or contracted, the real effect of this act on the first response community remains to be seen. The Critical Infrastructure Protection Information Center conducted research to accurately identify the major critical infrastructures of the fire and EMS sector. Those people, things, or systems (critical infrastructures) that the fire and EMS community depend upon to accomplish fire suppression and rescue missions are:

• Firefighters and EMTs including their Equipment
• Public Safety Answering Points (9-1-1 Communication Centers)
• Computer-aided Dispatch and Computer Networks
• Pumping Stations and Water Reservoirs for Major Urban Areas
• Major Roads and Highways serving Large Population Areas
• Bridges and Tunnels serving Large Population Areas

Terrorism Preparedness Planning

A survey of 456 cities conducted by the National League of Cities revealed that the majority of these cities have terrorism readiness plans. The study also discovered that most of the municipalities with existing plans will soon revise them. WaterTech.Online offered more survey findings in the following quote. "Some of the responding cities listed specific changes they are planning as a result of the 11 September attacks, including: obtaining training in how to respond to biological and chemical poisoning; learning better ways to monitor safety of water supplies and keep them safe; seeking more state and federal grants for terrorism training; updating emergency equipment; hiring additional police and fire personnel; improving security coordination with military bases, federal labs, and defense facilities; securing supplies of blood, fuel reserves, and other necessities." Don Borut, executive director of the National League of Cities, further commented that "all American cities and towns should assess potential terrorist threats to their communities and then plan accordingly, making the best use of available state and federal resources for planning, response, and coordination." The Critical Infrastructure Protection Information Center recommends that any initial planning or revising efforts give serious consideration to the proactive protection of critical infrastructures, particularly those of the emergency first responders seen above.

New "Vote Virus"

The National Infrastructure Protection Center (NIPC) issued an advisory regarding a new file-deleting virus (W32.Vote.A@mm) masquerading as a program that allows people to vote on whether or not the United States should go to war. This tricky virus is spreading via electronic mail to users of Microsoft's Outlook email program and appears with the subject line: "Peace between America and Islam!" When the attachment entitled "WTC.exe" is opened, the virus deletes all the files on the computer's hard drive and sends copies of the original email message to every address listed in the computer's address book. As always, users are cautioned about opening any email attachment unless it is from a well known and trusted source who actively practices cyber security. Also, the anti-virus industry recommends that consumers filter incoming messages for ".exe" files to ensure that they do not contain malicious code. The "Vote Virus" also defaces any Web pages that are hosted by an infected computer.

USFACIPC Weekly Lexicon: Mitigation

Mitigation refers to pre-planned and coordinated reactions to infrastructure warning and/or incidents designed for the following major purposes:

• Reduce or eliminate the impact of emergency events.
• Support and complement emergencies, crisis management, and investigations.
• Facilitate reconstitution.