InfoGram

March 28, 2002

NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical infrastructures. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@dhs.gov.

The Insider Threat

In the 21 March InfoGram, the CIPIC discussed the reality of domestic terrorism. The article mentioned that there may be in excess of 676 home-grown hate groups actively operating in the United States. Most of these extremist groups are secretive and perform their terrorist activities by very covert methods. It should be no surprise that the typical profile of a member of one of these criminal groups will almost always appear unsuspicious with a normal home and work life.

The likelihood of a clandestine group member being accepted for employment by a volunteer or career department seems rather remote. After all, most departments conduct routine background investigations on prospective candidates. Some of the background checks by large career departments can be quite extensive. But with group membership growing nationally each year, is it really unlikely that a domestic terrorist could join the ranks of emergency first responders? Remember, membership and participation in most extremist clusters may be unknown to law enforcement and investigative agencies.

A firefighter, emergency medical technician, or police officer who is an active member of an extremist group presents an internal threat to the critical infrastructures of his/her department. With access to key personnel, apparatus, essential equipment, communications assets, standard operating procedures, etc., the individual has ample opportunities for intelligence gathering, sabotage, or worse. Their criminal activities inside the department can adversely affect the survivability and operational effectiveness of department personnel when responding to a major incident.

The time has arrived for department junior and senior leaders to become extremely well acquainted with their subordinate personnel. Unfortunately, it is necessary to be especially attentive to the words and deeds of co-workers. In order to deter or prevent the insider threat within departments, the CIPIC urges all leaders to watch for unusual or suspicious actions. Without creating paranoia, anything extraordinary should be quickly and thoroughly investigated.

Sanitizing Websites

America's adversaries continue to aggressively collect information about national, state, and local critical infrastructures and their vulnerabilities. They do so by various means, the most common of which is from our very informative websites. When the enemies of the United States succeed in acquiring sensitive information about critical infrastructures, then too often the measures to protect those infrastructures are either weakened or negated. Such an outcome is obviously unacceptable and must be avoided.

On 21 March, the White House Chief of Staff sent a memo to all federal departments and agencies ordering them to immediately remove information that could be advantageous to terrorists. Fire and EMS departments with their own websites are advised to do the same. The CIPIC recommends deletion of any information pertaining to personnel numbers and positions, specific internal details about stations, numbers and types of apparatus, available mission essential equipment, existing communications assets, water sources, preferred response routes, standard operating procedures, and emergency response plans.

Webmasters are usually hesitant to remove data that has information value for citizens. Unfortunately, the usefulness of this same information to terrorists will not always be apparent. For example, a particular piece of information may seem harmless by itself, but when used in conjunction with other publicly available data, the aggregate could be lucrative to those planning criminal attacks. Therefore, department chiefs must be prepared to direct the sanitation of their websites to ensure effective completion and compliance with "common sense security practices." This should be a far-reaching "scrubbing," of not just websites, but also public reading rooms as applicable. Safeguarding sensitive information about state and local critical infrastructures is an excellent example of homeland security beginning at home.

More About the Terrorist Threat to Critical Infrastructures

Studies and investigations into terrorist organizations have been ongoing for several years. Researchers have compiled volumes of information about who terrorists are, their motives, their methods, and even their likes and dislikes. More recently, however, research reveals how they may approach future activities and attacks on American critical infrastructures. The CIPIC believes this information is relevant to the survivability of emergency first responders and the continuity of their operations. Therefore, the following is a brief synopsis of the research findings regarding what the terrorists may attempt to do:

• Seek marriages to U.S. citizens to obtain a green card.
• Arrange travel through legitimate travel agents.
• Pursue immigrant visas.
• Avoid radical groups and mosques.
• Gain entry via the U.S. and Canadian border, especially in the NW.
• Practice politeness and profess disapproval of the 9/11 attacks.
• Carry no identifying information.
• Pay bills by cash only.
• Use pay phones, calling cards, and frequently changing location.
• Use only public Internet cafes, and only once per location.
• Travel in mixed groups of people who are unaware of the terrorist's reason for travel.

Statewide Antiterrorism Unified Response Network

Boston Globe Online reported that Massachusetts just launched an ambitious plan to build a seamless antiterrorism network connecting country roads and city streets to the police, fire, and emergency managers throughout the state, and ultimately, the Office of Homeland Security in Washington D.C. State and local officials who will participate in the new program call it "SATURN," for Statewide Antiterrorism Unified Response Network.

Officials say the SATURN program has three goals: gathering and sharing intelligence on potential terrorists, coordinating and preparing emergency personnel to respond to terrorist incidents, and involving members of the public in preventing terrorism and protecting critical infrastructures. Program leaders consider the intelligence gathering effort the most innovative aspect. "Scraps of data on suspicious activity-perhaps not meaningful by itself-could potentially be invaluable when analyzed together by specialists at SATURN's central information clearinghouse."

Under the plan, each municipality will assign to SATRUN three senior representatives from their police, fire, and EMS departments. These officials will be trained to respond to and help prevent terrorist attacks on critical infrastructures. In turn, they will train the "rank-and-file" police officers, firefighters, and emergency medical technicians in their respective communities.

The program is not without cost. One police chief said he completely agrees with SATURN's goals, but has no idea where the money will come from to support it. The State Director of Public Safety is confident that state and federal funding will carry the program.

Homeland Security Online Resources

The number of websites discussing matters related to critical infrastructure protection has sharply increased in the last several months. Many of these online resources focus on terrorism planning, bioterrorism preparedness, weapons of mass destruction, disease control, etc. These links, including others on emergency preparedness, have been assembled by Stateline.org. Stateline.org provides the link to access practical and laudable websites as exemplified by the following:

• California Governor's Office of Emergency Services. Presents concise information on terrorism planning, response planning, and antiterrorism news bulletins.
• Colorado Department of Local Affairs. Offers basic background information concerning preparedness for nuclear, biological, and chemical terrorism.
• Connecticut Department of Health. Provides information regarding bioterrorism preparedness, disease control and prevention, plus more pertinent links.
• Georgia Public Health Department. Contains comprehensive periodicals and health alerts, and delivers information about various weapons of mass destruction.
• Maryland Department of Health. Identifies links addressing communicable disease guidelines and prevention of the plague, anthrax, and smallpox.
• Minnesota Department of Health. Presents information about anthrax, bioterrorism preparedness, and emergency response planning.
• New Mexico Department of Health. Offers facts and preliminary investigations regarding anthrax and guidelines for responding to bioterrorism.
• New York State Department of Health. Features information on bioterrorism, resources for health care providers, and links to the American College of Physicians.
• National Emergency Preparedness Database. Provides abundant resources regarding nuclear, biological, radiological, and biological incidents, plus much more at: http://www.twotigersonline.com/resources.html.