InfoGram

February 13, 2003

NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical infrastructures. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@fema.gov.

Fire/EMS Department Activities for Level Orange (High)

The federal government raised the Homeland Security Advisory System (HSAS) Level to Orange (High) from Yellow (Elevated) on 7 February. Intelligence officials explained that this occurred because credible threat information gleaned from communication intercepts, informants, foreign intelligence services, and other sources suggested a terrorist attack could be imminent within the United States and abroad. The intelligence analysts indicated that the al Qaeda network appears interested in attacking soft or lightly secured targets during or soon after the Hajj (a Muslim religious period ending approximately 15 February). They are particularly concerned about chemical, biological, and radiological weapons that could contaminate a wide area.

Although most department chiefs have already done whatever possible with their limited resources, there may be more departments should do as a result of the increased threat level and impending risk of an attack. It is necessary to note here that many security experts consider fire/EMS departments among the soft or lightly secured American targets. This may be especially applicable to some of the completely volunteer departments. Therefore, as a guide for activities that may be appropriate for HSAS Level Orange (High), the CIPIC offers the following to protect the infrastructures of fire/EMS departments:

• Conduct frequent inspections of all facilities and HVAC systems.
• Leave all exterior lighting on during periods of limited visibility.
• Keep all facilities locked at all times and conduct deliberate access control.
• Limit visitors to only those essential for the effective functioning of the station.
• Validate vendor lists for all necessary deliveries and repair services.
• Inspect all arriving packages whether announced or unannounced.
• Ensure availability of sufficient food in the event no one can leave the station.
• Secure all apparatus and equipment when not in use.
• Maintain constant observation of apparatus and equipment kept outside of the station.
• Request police assistance to periodically surveil apparatus located away from the station.
• Look for any suspicious activities in or around all facilities.
• Remain attentive for unexplained odors, powders, liquids, etc.
• Restrict all vehicle parking close to facilities if possible.
• Question drivers of vehicles parked at or nearby facilities.
• Require the immediate removal or towing of unattended illegally parked vehicles.
• Coordinate for personnel protection when at the scene of an incident.
• Arrange for aggressively restricted access to the proximate area of an incident.
• Diversify operational procedures to avoid consistent patterns.
• Increase the vigilance of all personnel regardless of rank or position.
• Encourage personnel to vary their routines and habits.
• Instruct personnel to pre-plan emergency responses with supervisors and family.
• Stay aware of current local, state, and national developments.

Preparing First Responder Families for Level Orange

Common leadership theories sustain that subordinates will function with greater enthusiasm and dedication if they are confident about the emergency preparedness and safety of their families. Therefore, it is essential for leaders to promote preparedness activities among the families of their emergency responders for all contingencies and circumstances.

Given the change in the threat level last week, there have been countless interviews and articles regarding what citizens should do to help themselves and their families. Since most of the information applies to all families, the CIPIC will list those few actions that are particularly relevant to the loved ones of emergency first responders:

• Develop an emergency method to communicate with family members.
• Select an out-of-state relative to be the family's single point-of-contact.
• Establish a predetermined meeting place away from your neighborhood.
• Choose another family assembly point outside of the municipality.
• Ensure family members know the address and phone number of meeting places.
• Learn the emergency response plans of applicable schools, employers, etc.
• Prepare to "shelter in place," which means to stay inside your home.
• Assemble disaster supply and first aid kits for use at home or if evacuated.
• Insert in kits: baby formula, prescription drugs, eyeglasses, bottled water, etc.
• Maintain currency of life, property, health, and other insurance policies.
• Determine what will be done with pets since shelters do not allow them.
• Keep a positive attitude for the benefit of younger family members.
• Call 9-1-1 to report what you are seeing, hearing, smelling, and feeling.
• Listen to the directions of local authorities.

HazMat Exercise Lessons-Learned

One day after the government raised the Homeland Security Advisory System to its second-highest level, agencies in Alexandria, Virginia, conducted a long-planned, full-scale hazardous materials exercise at what could be a potential terrorist target: Alexandria's U.S. District Court.

Participants from Alexandria's fire and police departments, the FBI, Virginia's Department of Emergency Management, the U.S. Marshals Service, and the Marine Corps' Chemical Biological Incident Response Force worked together on the exercise, testing equipment purchased after the 9/11 attacks and assessing their agencies' readiness, according to The Washington Post.

The exercise director, Captain John North from Alexandria's Fire Department, prepared a three-part script that had terrorists crash a hijacked tanker into the courthouse, then enter the building to release chemicals in an elevator shaft. As victims were being evacuated and decontaminated, a car bomb was detonated nearby. In writing the script, Captain North chose chemicals that would be relatively easy for terrorists to acquire.

Alexandria Fire Department's Chief Public Information Officer, Jane Malik, and Battalion Chief Joe Hoffmaster, shared some lessons-learned from the recent experience. Ms. Malik suggested that it is helpful to base exercises on realistic scenarios that don't introduce an inordinate number of variables. Chief Hoffmaster explained that terminology was a challenge because different agencies use different terms. For example, the title "operations officer" can have a different meaning depending on the agency. He also pointed out that it is extremely helpful if participating agencies use, or are familiar with, the same Incident Command System (ICS) structure. (NOTE: The U.S. Fire Administration (USFA) adopted the FIRESCOPE Incident Command System as its base for teaching the concepts of incident command. USFA accepted the FIRESCOPE ICS as a system that is documented and successfully tested in managing resources during operations.)

The weather on the day of the exercise was unexpectedly cold and icy, and salt trucks were needed, but as Chief Hoffmaster explained, "weather is an uncontrollable factor." So, too, was an unplanned deviation from the script when it was discovered that someone at the exercise site had dropped a package, which then had to be treated as "suspicious."

There were two steps identified during the planning process that proved to be helpful as well as a courtesy to those in the immediate area:

• Notifying neighbors near the site in advance of the exercise to explain the timing and to educate them about the procedures that would take place.
• Delivering letters to nearby businesses that included a telephone number for anyone who needed to ask questions about the exercise.

NIPC Advisory 03-002

The following information has been extracted and abridged from the National Infrastructure Protection Center (NIPC) Advisory 03-002, dated 11 February 2003, to heighten awareness of an escalation in global hacking activities:

NIPC security experts recently observed a significant growth in malicious cyber aggression involving spamming, web defacements, denial of service attacks, etc. They believe there is a positive correlation between these illicit actions and the increase in international tensions triggered by the confrontation with Iraq. Therefore, the NIPC advised: "it is prudent to be aware of, and prepare for this type of illegal activity."

Considering the growing threat of cyber disruption, supervisors and operators of computers and networked systems should review their defensive postures and procedures and emphasize the importance of meticulous vigilance in system monitoring. System administrators and all computer users can limit potential problems by employing "security best practices."

According to the NIPC, the most basic and effective measures that can be taken are:

• Increase operator awareness
• Update anti-virus software
• Stop hostile or suspicious attachments at the email server
• Utilize filtering to maximize security
• Establish procedures for responding and recovery

The NIPC encourages recipients of this InfoGram to report computer intrusions, attacks on critical infrastructures, and suspicious activities to the NIPC Watch and Warning Unit at (202) 323-3204/3205/3206 or nipc.watch@fbi.gov. Alternatively, incidents can be reported to local law enforcers or the local FBI office. Fire and EMS departments can send their report to the U.S. Fire Administration at (301) 447-1325 or usfacipc@dhs.gov.