InfoGram

February 21, 2002

NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical information systems. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@fema.gov.

Family Infrastructure Protection

A week does not pass without some news or development regarding emergency preparedness. Almost always, what we see or hear on this matter pertains to actions by the various levels of government. It is a rare event to receive protection information about a type of infrastructure that means most to most people: the family.

Protecting the family infrastructure is a multi-faceted endeavor involving challenging activities such as family finances, identity theft prevention, wills, home and property security, school security, and transportation safety. Yet, too many people, even among emergency first responders, do not proactively invest quality time and effort to ensure outstanding family infrastructure protection. A substantial number of individuals seemingly prefer to rely on the government rather than learn how to protect themselves and their families.

As an excellent example for others, the CIPIC encourages firefighters and EMTs to demonstrate their leadership by implementing family infrastructure protection measures where practicable and appropriate. The following are some of the minimum essential actions to consider:

• Develop and follow a family financial management plan.
• Learn and practice the simple steps to avoid identity theft.
• Prepare a "Last Will and Testament" document.
• Ensure home and car locks are intact and operational.
• Draft and rehearse a family emergency plan.
• Design and conduct family preparedness and evacuation drills.
• Create and enforce recognition passwords for family members and close friends.
• Assemble a survival box with food, water, first-aid kit, blankets, lights, etc.
• Designate assembly points for all to meet both inside and outside of the home.
• Encourage schools leaders to prepare comprehensive emergency response plans.
• Help schools leaders to schedule and practice emergency and evacuation drills.
• Educate private car and school bus drivers on alternate emergency routes.
• Establish an emergency support network with nearby neighbors.
• Prepare to offer crisis counseling or refer to those who do.

CIP Budget Realities

Most state and local governments are attempting to reconcile the adverse effects of the ongoing recession. Budget crunches in the last few months are forcing governors and mayors to deplete their previously existing surpluses. This being the case at so many places throughout the United States, it should be obvious that there cannot be any tolerance for waste and misguided spending in the business of emergency preparedness and critical infrastructure protection.

On a brighter note, hospitals, laboratories, and first responders may imminently begin receiving a part of $220 million designated for the fiscal year 2002 purchase of public health alert communications systems that link with the Centers for Disease Control and Prevention. According to Secretary Tommy Thompson of the U.S. Department of Health and Human Services (HHS), state and local eligible recipients must first present plans for this money, which are subsequently reviewed and approved by their respective governors and HHS.

Overall, this year's HHS budget includes $2.9 billion for various bioterrorism programs mainly intended to give first responders the basic capabilities to respond to and survive a biological attack. Another $4.3 billion is slated for next year in the fiscal year 2003 White House budget proposal.

Additionally, the time has arrived for local governments and their fire and EMS departments to prepare for the $3.5 billion granted to counties and municipalities for first responder training and equipment. The CIPIC advises that county commissioners be urged to get involved in this grant program so as to acquire money for a quality first response to all emergencies. Upon their doing so, fire and EMS departments should be able to contact their county commissioner's office for more information.

Interdependent Infrastructures

Believing that it is just a matter of time before it happens, Bush Administration officials have been working tirelessly to prevent a cataclysmic cyberattack on American critical infrastructures: emergency services, telecommunications, electrical power systems, gas and oil facilities, banking and finance, transportation, water supply, and continuity of government. These officials recognize that a cyberattack on one critical infrastructure will inevitably degrade or disrupt the others because of their interdependent nature. They say, "it is hard to tell where one infrastructure ends and another starts." Government experts also fear that a well-coordinated series of cyber and physical attacks could result in massive victimization, horrendous destruction, and severe economic collapse.

A recent report to Congress on cybersecurity revealed that many government agencies, local governments, and high-tech companies are aware of significant vulnerabilities in their cyber systems. Yet, despite this awareness, "some are reluctant to pay to have the vulnerabilities eliminated." Therefore, President Bush's top cybersecurity advisor, Richard Clarke, issued a national "wake-up call" to protect cyber-based infrastructures as soon as possible. "Terrorists must be prevented from gaining access to the digital controls for the nation's emergency services, utilities, power grids, air traffic control systems, and nuclear power plants." Mr. Clarke stated that threats of a cyberattack on critical infrastructures are no longer theoretical. He asserted that cyberterrorists will look for the vulnerabilities, which are where critical infrastructures are most fragile. He added, "if I was a betting man, I'd bet that many of our key infrastructure systems already have been penetrated." Another government official said: "while bin Laden may have his finger on the trigger, his grandson may have his finger on the mouse."

To guarantee the continuity and success of emergency services, the CIPIC recommends the CIP process. Fire and EMS departments that depend on cyber or telecommunications systems (including 9-1-1) for daily operations can apply the CIP process to identify existing vulnerabilities and schedule their elimination as soon as resources allow. To learn more about the CIP process contact the CIPIC by telephone at 301-447-1325 or by email at usfacipc@dhs.gov.

Wireless LAN for Emergency Communications

According to Computerworld.com, the city of Glendale (CA) recently decided to use wireless LAN technology to provide high-speed data service to its fire, police, and public works departments. This decision came after city officials determined that cellular mobile data services cost too much and deliver too little. Glendale's assistant director of information services said cellular carriers do not provide enough throughputs to support high-bandwidth applications required to run emergency services.

On this matter, the National Infrastructure Protection Center commented that wireless security protocols have either been an add-on or of secondary importance prior to this development. The use of 3DES encryption in this case has brought real security to wireless networking and is a good first step toward acceptance within the government and critical infrastructure agencies.