InfoGram

May 30, 2002

NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical infrastructures. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@dhs.gov.

Breaking Down Barriers

Setting an excellent example for fire and police departments throughout the United States, on 23 May, the commissioners of the New York City (NYC) Fire and Police Departments announced they would exchange liaison officers to improve communications between the two agencies and to conduct specialized training together. The New York Times reported that this new arrangement will also "ease the tensions that have long divided some of their members." Although the cooperative working relationship was prompted in part by miscues on 9/11, the commissioners agreed that "with the city facing new challenges-and possibly more attacks-both agencies understood the necessity to dispense with the rivalries and disputes that have degraded mutual respect and coordination for decades."

This development has the potential to yield considerable benefits for the citizens and infrastructures of New York City. Breaking down the barriers promotes a cohesive relationship that encourages direct access and daily contact between the decision makers and operations staff of both departments. Everyone wins when fire and police departments effectively collaborate on sensitive information and execute joint response training. Significantly enhanced survivability, continuity of operations, and mission success will be the likely result for department personnel and the people they serve. Given the possibilities for future attacks on national or local critical infrastructures, the CIPIC suggests following the NYC example and quickly terminating the "battle of the badges" where it still exits. Replace divisiveness with the spirit and harmony of two parts of the same dedicated team against a formidable adversary.

Vague Warnings Impair CIP

A senior government intelligence official conceded: "we have too much information that is unreliable or outright deception and almost nothing that could tip us off to a real attack." He admitted that the intelligence community is presently "choking on bad information and yearning for something reliable." A second intelligence official lamented that issuing too many vague warnings containing undependable information could be harmful "because they wear down the public and law enforcement agencies."

During interviews conducted last week by the New York Times with the homeland security czars of 44 states, many said they no longer take action since "the alerts are too vague and their overburdened agencies already stand at heightened readiness." Most said they were already doing all they could to protect against unspecified threats. "There's not much more you can do," expressed one deputy governor. The warnings are "just additional information on the types of threats we already know existed," stated another state security coordinator.

Facing serious budget deficits, numerous state and local governments have been unwilling to allocate funds for infrastructure protection based upon the uncertainty of so many threat advisories and warnings. This reality potentially endangers the safety and response capabilities of the police, fire, and emergency medical services for present and future operations. Those states and municipalities hesitant to invest in the protection of their emergency first responders-an indispensable critical infrastructure-should optimistically anticipate the receipt of federal money in the next fiscal year.

States, counties, and cities can avoid impairing critical infrastructure protection (CIP) by actively identifying their infrastructure protection priorities in preparation for the acquisition of Fiscal Year 2003 federal homeland security dollars. There are indications that having a quality critical infrastructure protection plan could actually increase the possibilities of obtaining future funding. Also, recognizing that everything cannot be protected, the CIPIC recommends the application of the CIP process in order to efficiently determine what really, really needs protection. Despite how much money may eventually be allocated, there is no government or agency that can afford to protect that which is not directly related to the safety of citizens and continuity of operations.

CIP Process Job Aid

State, county, and local leaders, including those of emergency first responders, have the responsibility to decide which infrastructures must be protected from attacks by people, nature, or HazMat accidents. Scarce resources (i.e., money, personnel, time, and material) make these decisions somewhat complicated or difficult. How then, does one determine the fewest indispensable infrastructures to receive the application of these scarce resources? Again, the CIPIC advocates the implementation of the CIP process to secure the effective protection of the people, physical entities, and cyber systems that are genuinely mission critical.

The CIP process is an analytical model or template to guide the systematic protection of critical infrastructures. More basically, it is a reliable decision sequence that assists leaders in ultimately determining exactly what really needs protection as well as when. As a time-efficient and resource-restrained practice, the process ensures the protection of only those infrastructures upon which survivability, continuity of operations, and mission success depend. The process, which can make a favorable difference if periodically repeated, consists of the following steps:

• Identifying critical infrastructures essential for the accomplishment of operations.
• Determining the threat against each of the critical infrastructures.
• Analyzing the vulnerabilities of the threatened critical infrastructures.
• Assessing risk of the degradation or loss of threatened and vulnerable infrastructures.
• Applying countermeasures to protect infrastructures where risk is unacceptable.

To assist leaders and managers of emergency first responders, the CIPIC developed a CIP Process Job Aid as a brief, user-friendly guide for the implementation of the CIP process or the development of a CIP program. After a thorough review, the Job Aid has received final approval for public dissemination and website posting. Effective Monday, 3 June 2002, the CIP Process Job Aid will be accessible at the USFA CIPIC website: www.usfa.fema.gov/cipc. Any questions about the Job Aid can be directed to the CIPIC at (301) 447-1325.

Identity Theft: A Personnel Infrastructure Detractor

By various unscrupulous means, criminals continue to access and use sensitive personal information about American citizens, even from among members of the fire and emergency medical services. With alarmingly increasing frequency in the United States, these lawbreakers are using social security numbers to "steal" the identity of individuals for illicit purposes such as making large expenditures. Victims of "identity emulation" report that the crime caused them much anguish, fear, turmoil, etc., for significant periods of time.

Therefore, the CIPIC urges all leaders to educate their personnel regarding the steps they can take to protect their social security numbers and other critical personal data. Furthermore, if anyone suspects that a third party has compromised their privacy information, they should report this to the following phone number: 1-877-438-4338; or complete the form at the following website: www.consumer.gov/idtheft. Individuals are invited to visit this website to learn more about identity theft and how to prevent it.