InfoGram

April 17, 2003

NOTE: This InfoGram will be distributed weekly to provide members of the emergency management and response sector with information concerning the protection of their critical infrastructures. It has been prepared by NATEK Incorporated for the Emergency Preparedness and Response Directorate. For further information, contact the Emergency Management and Response - Information Sharing and Analysis Center (EMR-ISAC) at (301) 447-1325 or by email at emr-isac@fema.dhs.gov.

Fire/EMS Activities for Level RED (Severe)

On 16 April, the Department of Homeland Security announced that it lowered the Homeland Security Advisory System (HSAS) Level from ORANGE (High) to YELLOW (Elevated). Recommended activities for HSAS Level YELLOW can be seen in the 6 March InfoGram at the following URL: http://www.usfa.fema.gov/fire-service/igmar0603.cfm.

During the past few weeks, the CIPIC received many inquiries for guidance in the event the level is raised to RED. To comply with these requests, the CIPIC proposes the following to protect the critical infrastructures of first response departments. The CIPIC advises that these recommendations for Level RED be implemented in addition to those already ongoing for Level ORANGE:

• Increase or redirect personnel to address critical emergency needs.
• Preposition and mobilize specially trained teams and resources.
• Monitor, redirect, or constrain transportation systems.
• Close and secure non-essential facilities.
• Contact local police agencies once daily or more frequently if necessary.
• Prepare to support the short-term housing of personnel and their families.
• Modify plans and actions to address the specific threat.
• Review and prepare to implement other pertinent emergency operations plans.
• Review plans and actions for returning to a lower HSAS level.
• Plan for alternate service delivery in the event of a disruption in routine service.
• Close fire/EMS controlled parking garages to incoming traffic.
• Shut-down non-essential network and computer systems.
• Alert personnel to current situation and provide special directions as needed.
• Release non-emergency and/or non-essential personnel.
• Activate the emergency operations center (EOC) with medium level staffing.
• Employ the on-call EOC team and alert the off-call team.
• Employ special teams as necessary.
• Preposition apparatus, equipment, and supplies as required.
• Keep personnel and apparatus indoors except for responses.
• Arrange with local police to provide access controls to an incident site.

Strengthening CIP with OPSEC

Operations Security (OPSEC) is the discipline of protecting information that is critical for the successful accomplishment of an organization's mission. The identification and protection of critical information will impede its inadvertent disclosure and access by domestic and international adversaries. Critical infrastructures almost always have critical information that if divulged can be used to degrade or destroy the infrastructures. This is why OPSEC is necessary to strengthen critical infrastructure protection (CIP).

When thinking about OPSEC, chief officers of emergency first responders should ask themselves this question: "If I wanted to disrupt or prevent operations enroute to or at the scene of an incident, what information would I need to know and where would I get it?" The answer should clearly identify a department's critical information that must be protected in order to ensure the same outcomes as CIP: survivability, continuity of operations, and mission success.

Fire and EMS departments have an abundance of critical information of high value to intelligence collectors of terrorist or extremist groups. Therefore, it is crucial for chief officers to evaluate their operations from the viewpoint of an adversary who intends to harm personnel and impair operations. For example, the CIPIC believes that our criminal opponents desire information regarding: department capabilities for various emergencies, command structure, incident command protocols, levels of competence, apparatus and equipment status, mutual aid agreements, response times, preferred routes, radio frequencies, call signs, floor plans of key structures, etc.

For more information about OPSEC and why it is essential to complement CIP, please contact the CIPIC at (301) 447-1325 or at usfacipc@dhs.gov.

Voice Mail Telephone Scam

Since money is in short supply, the CIPIC suggests that fire/EMS departments and personnel using voice mail should be alert to a new telephone scam, which results in enormous fraudulent charges on their phone bills, and has the potential to obstruct infrastructure protection. The scam continues to force consumers to pay thousands of dollars for calls they did not make or authorize. According a Los Angeles Times article this week, victims of the scam who have been held liable for large sums of money already include numerous local governments, corporations, universities, small businesses, and private citizens throughout the U.S.

This fraud occurs when hackers break into voice mail systems or access answering machines and change the outgoing messages in order to make unauthorized collect or third-party billed calls. The hackers do this by changing the victim's outgoing phone message to create an affirmative response to calls from the mechanized operators used by many long distance service providers. Specifically, "the hackers record the word 'Yes' at the appropriate intervals, so that when the long distance company system asks if the customer will accept the charges for a third-party call, it appears as if permission has been granted." Once they have permission to place the illegal call, these criminal offenders keep the line open for hours or even days at a time.

The major phone companies suggest that consumers "change their pass codes regularly; avoid pass codes that are intuitive, such as birth dates and addresses; and check their announcements to make sure they haven't been changed."

More Protests Planned

The CIPIC received information that between 19 and 27 April, the World Week for Animals in Laboratories (WWAIL) will conduct nationwide activities designed to publicize concerns related to animal testing. WWAIL actions in recent years usually ranged from peaceful educational demonstrations and lawful protests by animal rights activists to violent crimes committed by their extremists. Past WWAIL events have occasionally included the breaking and entering of offices and private homes, arson, property destruction, and vandalism.

This year, WWAIL announced its intention to focus on the offices and employees of the Environmental Protection Agency (EPA). They plan to target the EPA in response to perceptions of unnecessary harm during animal testing related to the enforcement of the Toxic Substances Control Act.

Emergency first responders should be aware that extremist WWAIL members have the capacity to engage in criminal trespass and other crimes. Consequently, the CIPIC advises that chief officers consider that the possible offenses of WWAIL activists can potentially interrupt local critical infrastructures. Therefore, advanced emergency planning would be prudent in those jurisdictions where this moderately dangerous group will assemble.