InfoGram

This page may contain links to non-U.S. government websites. What this means to you »

February 21, 2002

NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical information systems. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@fema.gov.

Family Infrastructure Protection

A week does not pass without some news or development regarding emergency preparedness. Almost always, what we see or hear on this matter pertains to actions by the various levels of government. It is a rare event to receive protection information about a type of infrastructure that means most to most people: the family.

Protecting the family infrastructure is a multi-faceted endeavor involving challenging activities such as family finances, identity theft prevention, wills, home and property security, school security, and transportation safety. Yet, too many people, even among emergency first responders, do not proactively invest quality time and effort to ensure outstanding family infrastructure protection. A substantial number of individuals seemingly prefer to rely on the government rather than learn how to protect themselves and their families.

As an excellent example for others, the CIPIC encourages firefighters and EMTs to demonstrate their leadership by implementing family infrastructure protection measures where practicable and appropriate. The following are some of the minimum essential actions to consider:

CIP Budget Realities

Most state and local governments are attempting to reconcile the adverse effects of the ongoing recession. Budget crunches in the last few months are forcing governors and mayors to deplete their previously existing surpluses. This being the case at so many places throughout the United States, it should be obvious that there cannot be any tolerance for waste and misguided spending in the business of emergency preparedness and critical infrastructure protection.

On a brighter note, hospitals, laboratories, and first responders may imminently begin receiving a part of $220 million designated for the fiscal year 2002 purchase of public health alert communications systems that link with the Centers for Disease Control and Prevention. According to Secretary Tommy Thompson of the U.S. Department of Health and Human Services (HHS), state and local eligible recipients must first present plans for this money, which are subsequently reviewed and approved by their respective governors and HHS.

Overall, this year's HHS budget includes $2.9 billion for various bioterrorism programs mainly intended to give first responders the basic capabilities to respond to and survive a biological attack. Another $4.3 billion is slated for next year in the fiscal year 2003 White House budget proposal.

Additionally, the time has arrived for local governments and their fire and EMS departments to prepare for the $3.5 billion granted to counties and municipalities for first responder training and equipment. The CIPIC advises that county commissioners be urged to get involved in this grant program so as to acquire money for a quality first response to all emergencies. Upon their doing so, fire and EMS departments should be able to contact their county commissioner's office for more information.

Interdependent Infrastructures

Believing that it is just a matter of time before it happens, Bush Administration officials have been working tirelessly to prevent a cataclysmic cyberattack on American critical infrastructures: emergency services, telecommunications, electrical power systems, gas and oil facilities, banking and finance, transportation, water supply, and continuity of government. These officials recognize that a cyberattack on one critical infrastructure will inevitably degrade or disrupt the others because of their interdependent nature. They say, "it is hard to tell where one infrastructure ends and another starts." Government experts also fear that a well-coordinated series of cyber and physical attacks could result in massive victimization, horrendous destruction, and severe economic collapse.

A recent report to Congress on cybersecurity revealed that many government agencies, local governments, and high-tech companies are aware of significant vulnerabilities in their cyber systems. Yet, despite this awareness, "some are reluctant to pay to have the vulnerabilities eliminated." Therefore, President Bush's top cybersecurity advisor, Richard Clarke, issued a national "wake-up call" to protect cyber-based infrastructures as soon as possible. "Terrorists must be prevented from gaining access to the digital controls for the nation's emergency services, utilities, power grids, air traffic control systems, and nuclear power plants." Mr. Clarke stated that threats of a cyberattack on critical infrastructures are no longer theoretical. He asserted that cyberterrorists will look for the vulnerabilities, which are where critical infrastructures are most fragile. He added, "if I was a betting man, I'd bet that many of our key infrastructure systems already have been penetrated." Another government official said: "while bin Laden may have his finger on the trigger, his grandson may have his finger on the mouse."

To guarantee the continuity and success of emergency services, the CIPIC recommends the CIP process. Fire and EMS departments that depend on cyber or telecommunications systems (including 9-1-1) for daily operations can apply the CIP process to identify existing vulnerabilities and schedule their elimination as soon as resources allow. To learn more about the CIP process contact the CIPIC by telephone at 301-447-1325 or by email at usfacipc@dhs.gov.

Wireless LAN for Emergency Communications

According to Computerworld.com, the city of Glendale (CA) recently decided to use wireless LAN technology to provide high-speed data service to its fire, police, and public works departments. This decision came after city officials determined that cellular mobile data services cost too much and deliver too little. Glendale's assistant director of information services said cellular carriers do not provide enough throughputs to support high-bandwidth applications required to run emergency services.

On this matter, the National Infrastructure Protection Center commented that wireless security protocols have either been an add-on or of secondary importance prior to this development. The use of 3DES encryption in this case has brought real security to wireless networking and is a good first step toward acceptance within the government and critical infrastructure agencies.

Disclaimer of Endorsement

The U.S. Fire Administration/EMR-ISAC does not endorse the organizations sponsoring linked websites, and does not endorse the views they express or the products/services they offer.

Fair Use Notice

This INFOGRAM may contain copyrighted material that was not specifically authorized by the copyright owner. EMR-ISAC personnel believe this constitutes "fair use" of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond "fair use," you must obtain permission from the copyright owner.

Reporting Notice

DHS and the FBI encourage recipients of this document to report information concerning suspicious or criminal activity to DHS and/or the FBI. The DHS National Operation Center (NOC) can be reached by telephone at 202-282-9685 or by email at NOC.Fusion@dhs.gov.

The FBI regional phone numbers can be found online at www.fbi.gov/contact/fo/fo.htm

For information affecting the private sector and critical infrastructure, contact the National Infrastructure Coordinating Center (NICC), a sub-element of the NOC. The NICC can be reached by telephone at 202-282-9201 or by email at NICC@dhs.gov.

When available, each report submitted should include the date, time, location, type of activity, number of people and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.

RSS FeedWeekly INFOGRAM's are now available as an RSS Feed. More Information »