InfoGram

June 6, 2002

NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical infrastructures. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@dhs.gov.

Planning for Nature Attacks

Research meteorologists warn that the Atlantic Hurricane basin has entered an era of increased storm activity expected to continue for several years. They attribute this ominous forecast to the climatic changes caused by the warming of the water on the surface of the Atlantic Ocean. Despite this prediction for the Eastern United States, years of meager rain and snowfall have resulted in extreme drought conditions and scorching wildfires throughout the Western States.

"Nature attacks" (e.g., floods, tornadoes, etc.) are serious threats against the critical infrastructures of fire and EMS departments as well as those of the local community. They have tremendous potential to drain limited resources and paralyze the people, physical assets, and cyber systems essential for the continuity and success of operations. Therefore, those departments in areas susceptible to "nature attacks" should avoid the serious degradation of their critical infrastructures by preparing and rehearsing quality mitigation and consequence management plans that address their regional "nature threat."

The CIPIC recommends that mitigation and consequence management plans for natural disasters contain the following minimum objectives:

• Protect the health and safety of fire and EMS personnel in addition to citizens.
• Eliminate the loss of apparatus and essential equipment.
• Prevent any disruption to communications capabilities including 9-1-1.
• Avert damage to stations and other key facilities (e.g., water pumping sites).
• Safeguard local and regional medical centers.

Suspicious Contacts

The CIPIC recently learned that fire and/or EMS departments on the East Coast have received electronic mail from foreign universities requesting information about how their department is organized, trained, and equipped. The individuals are also asking for the identification or locations of major response routes.

Such contacts by anyone who does NOT have "the need to know" should be considered highly suspicious and potentially dangerous. However, before hastily deleting the message, departments are urged to immediately send a facsimile of the correspondence to the National Infrastructure Protection Center (NIPC) at: 202-323-2079. NIPC also welcomes email to: nipc.watch@fbi.gov. Alternatively, contact the local FBI office (www.fbi.gov/contact/fo/fo.htm). When communicating with the FBI, always ask for further directions regarding the proper disposition of the suspicious message. Only with the knowledge and evidence of these messages can the FBI Terrorism Task Force efficiently investigate whether or not the message senders have treacherous intentions.

America's adversaries continue to aggressively collect information about the plans, training, and operations of national, state, and local critical infrastructures. Websurfing, electronic mail, and telephone calls are the most common methods they employ to conduct "sensitive information mining." Therefore, all emergency first responders must be alerted to guard against unauthorized data collection and quickly report it when it occurs. Failure to prevent unsanctioned information sharing could unintentionally assist the criminal activities of those who desire to harm our nation.

Interoperable Equipment and Networks

It has often been said that "modern communications technology is as much a burden as it is a solution." The "burden" referred to is one carried by the departments of most emergency first responders. This is true despite the many lessons learned from previous disasters. Federal, state, and local responders have been unable to reliably communicate with each other for too long. Such is because officials must constantly battle new technology, money, coordination, and spectrum-allocation issues. Unfortunately, the lack of interoperability continues to jeopardize the continuity of operations and survivability of critical infrastructures.

The National Institute of Justice (NIJ) is the focal point for providing support to state and local law enforcement agencies in the development of counterterrorism technology and standards, including technological needs for chemical and biological defense. In February 2002, NIJ published a two volume guide for the selection of communication equipment for emergency first responders. The guide focuses specifically on communication equipment and was developed to assist the emergency first response community in the evaluation and purchase of communication equipment that can be used in conjunction with chemical and biological protective clothing and respiratory equipment.

Those fire and EMS departments considering future acquisition of communication equipment for use when responding to suspected chemical or biological incidents are encouraged to consult this guide. Doing so should help to ensure the eventual purchase of equipment that will be easier to operate when wearing protective clothing and interoperable with other departments and agencies.
Volume I of the guide can be found at: www.ncjrs.org/pdffiles1/nij/191160.pdf
Volume II of the guide can be seen at: www.ncjrs.org/pdffiles1/nij/191161.pdf

Cybersecurity Measures

President Bush's special advisor for cybersecurity, Richard Clarke, wants the owners of national, state, and local critical infrastructures to know that "cybersecurity is vital because the Internet is being used to manage many critical applications-telecommunications, electricity supply, water systems, and others-for which it was never intended." Mr. Clarke said that users of the Internet are vulnerable to fraud, identity theft, extortion, and industrial espionage. "Computer attackers as young as teenagers have broken into systems that run everything from dams to air traffic control systems." He expressed that this means the United States has a national security threat for which we cannot depend only upon government agencies. Mr. Clarke extended a challenge to the owners of critical infrastructures: "solve the problem in partnership with the government."

While so much justifiable attention is being given to preparing fire and EMS personnel for responses to incidents of mass destruction and/or victimization, it may be easy to neglect the security of applied telecommunications and electronics. Therefore, the CIPIC advises all departments to scrutinize existing telecommunications and cybersecurity measures. Be additionally prepared to give some attention to eliminating identified systems vulnerabilities, thereby avoiding possible degradation caused by weapons of mass disruption.