InfoGram
October 17, 2002
NOTE: This InfoGram will be distributed weekly to provide members of the
emergency services sector with news and information concerning the protection of their critical
infrastructures. For further information please contact the U.S. Fire Administration's Critical
Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@dhs.gov.
Sensitive Information Security
Since discussing the issue of sensitive information security in previous InfoGrams, the CIPIC has received requests to elaborate on what fire and emergency medical services information warrants protection. These requests were based on recent experiences with telephonic, electronic, and visitor solicitations for various details about department plans and operations. When the CIPIC communicated with the solicited organizations, some expressed the desire not to withhold information, or remove data from websites, that has value for their citizens.
Unfortunately, the usefulness to terrorists of department information in the public domain will not always be readily apparent. What seems like harmless information by itself may actually be dangerous when used by adversaries in conjunction with other publicly available data. This collection of sensitive information can ultimately weaken or negate measures to protect personnel, physical entities, and cyber assets. Therefore, under present threat level conditions, the CIPIC recommends there be no risk taking with sensitive information security. The importance of securing sensitive information from potential domestic or foreign terrorists cannot be over-emphasized.
Because the degradation or destruction of the critical infrastructures of any emergency first response agency must be unacceptable and avoided, the CIPIC advises that public access be denied to the following information. The CIPIC cautions, however, that this listing is NOT complete and will differ from one fire/EMS department to another:
- Emergency response, mitigation, and recovery plans.
- Mutual aid agreements and assistance.
- Security and continuity plans and procedures.
- Threat analysis and vulnerability assessment results.
- Training, awareness, and other preparedness materials.
- Operations manuals, response routes, run cards, and station box maps.
- Communications assets, network systems, and the dispatch CAD system.
- Radio frequencies and channels.
- Numbers and types of apparatus and equipment.
- Engineering blueprints, plans, and architectural drawings.
- Phone lists with leadership names and addresses (e.g., shift commanders).
More About Terrorism Preparedness
U.S., Western, and Mid-Eastern intelligence officials believe that al Qaeda loyalists have initiated a new terror campaign using rudimentary, smaller-scale operations aimed at creating economic hardship. These experts warned that "al Qaeda and affiliated extremist groups are resorting to more indiscriminate attacks against 'soft' targets". They further cautioned that "the simplicity of these attacks might make them more difficult to predict and prevent".
Given the enduring lack of specificity of method, target, and timing, emergency first responders throughout the United States continue to inquire about the minimum essential precautions appropriate for their departments. Realistically, exact answers for each department are difficult to provide because they depend on many functional and environmental factors. Nevertheless, in order to promote proactive terrorism preparedness, the CIPIC suggests that fire and EMS leaders consider the following fifteen general actions:
- Review, revise, or implement as necessary the (FIRESCOPE) Incident Command System and Unified Command System.
- Ensure provisions exist to communicate between and among agencies.
- Train with multiple agencies to practice communications and unified command.
- Review or revise as necessary all emergency response, mitigation, and recovery plans.
- Coordinate emergency response, mitigation, and recovery plans with adjacent or nearby jurisdictions.
- Review, revise, or implement as necessary Mutual Aid Agreements with adjacent or nearby communities.
- Ensure all emergency supplies are stocked and ready.
- Ensure the availability of food and fuel under emergency circumstances.
- Ensure procedures exist for apparatus and equipment repair and maintenance under emergency circumstances.
- Conduct a new threat analysis and vulnerability assessment of department critical infrastructures.
- Apply countermeasures to protect department infrastructures that are threatened and vulnerable.
- Become familiar with the crisis action plans of local schools, businesses, and industries.
- Implement screening practices for incoming postal and electronic mail, phone calls, deliveries, and visitors.
- Organize a strong and active Family Support Team from among the spouses of firefighters and EMS personnel to care for each other during emergencies.
- Report suspicious activities to local authorities and also the National Infrastructure Protection Center (NIPC). NIPC phone: 202-323-3205.
Hazard Mitigation Planning
Last month, the Federal Emergency Management Agency (FEMA) released FEMA Publication 386-7, entitled: State and Local Mitigation Planning how-to Guide for Integrating Human-Caused Hazards into Mitigation Planning. The guide thoroughly explains the hazard mitigation planning process. According to this guide, "hazard mitigation planning is the process of determining how to reduce or eliminate the loss of life and property damage resulting from natural and human-caused hazards." The planning process uses four basic phases: organize resources, assess risks, develop a mitigation plan, and implement the plan and monitor progress.
A CIPIC review of the guide and process reveals important similarities between the hazard mitigation planning process and the critical infrastructure protection (CIP) process. Both processes lead the practitioner to accomplish the following regarding natural and human-caused hazards:
- Understanding the threat.
- Appreciating how life and property are vulnerable.
- Assessing the risks involved in failing to act upon the consequences.
- Implementing measures to avoid or minimize the undesirable effects.
Essentially, both processes foster proactive activities to reduce or eliminate the loss of life and property. The major difference between the two processes is that hazard mitigation planning generally concerns the protection of all life and property; however, the CIP process addresses only critical infrastructures. Critical infrastructures are the people, physical entities, and cyber systems that are indispensably necessary to sustain an organization's survivability, continuity of operations, and mission success. The CIP discipline recognizes that in this tremendously resource-restrained environment, where time, money, personnel, and materials are scarce, an organization cannot protect everything. Therefore, the CIP process is a decision sequence that assists leaders in determining the critical assets that really need protection as well as when.
For more information about the Hazard Mitigation Planning Guide (FEMA 386-7), see the following website where the guide will be posted within the next couple of weeks: http://www.fema.gov/fima/planresource.shtm. To learn more about the CIP Process, see the USFA CIP website at: http://www.usfa.fema.gov/fire-service/cipc.cfm.
Bioterror Attack Warning System
This week, the Centers for Disease Control (CDC) announced plans for a national early warning system for bioterrorism. The system was pioneered at Harvard University and will watch for signs of an anthrax, smallpox, or other disease outbreak in the aches, pains, and sniffles among U.S. patients. CDC committed over one million dollars to a trial of the computerized surveillance network, which will review thousands of daily diagnoses for unusual patterns, such as a sudden increase in reports of symptoms that could signal a biological attack. Additionally, the system could provide early warnings of less sinister disease outbreaks, such as the flu or food poisoning. If trials are successful, the system may be fully operational nationwide within a year.
A CDC spokesperson stated that early detection is pivotal. "If smallpox and anthrax infections are caught in their first stages, patients can be treated much more effectively. In the case of smallpox, the spread of the illness can be contained."
"A system like this may give public-health officials a three-day lead time. And that lead time may result in the saving of a great number of lives," said Dr. James Nordin, a clinical investigator at HealthPartners Research Foundation in Minnesota, which is participating in the experiment.