InfoGram

July 31, 2003

NOTE: This InfoGram will be distributed weekly to provide members of the emergency management and response sector with information concerning the protection of their critical infrastructures. It has been prepared by NATEK Incorporated for the Emergency Preparedness and Response Directorate. For further information, contact the Emergency Management and Response - Information Sharing and Analysis Center (EMR-ISAC) at (301) 447-1325 or by email at emr-isac@fema.dhs.gov.

"Partnership + Practice = Preparedness"

The title of this article was one of the major messages emphasized earlier this week when more than 900 individuals gathered in Arlington County (VA) to attend the conference entitled: "Local Response to Terrorism: Lessons Learned from the 9-11 Attack on the Pentagon." Building relationships with all organizations that could potentially respond to an incident was another key point stressed during two and a half days of meetings and breakout sessions.

On the first day, attendees were divided into groups by specialty: fire and rescue, EMS, law enforcement, emergency management, and city/county managers. Each group was charged with identifying the top two or three most important issues or challenges and possible solutions. The following day participants were separated into groups based on the population of their community and were given the same directions as the previous day.

An attendee of this event observed that the big issues or challenges either directly or indirectly affect critical infrastructure protection (CIP). For example, the fire and rescue group highlighted interjurisdictional relationships and catastrophic incident planning. The EMS group accented communications and training. And the emergency management group underscored top-down leadership commitment to emergency management and interoperability.

The matters accentuated by these group members have consequential repercussions for CIP. Regardless of their nature or category (e.g., relationships or interoperability of systems and communications), the status of these issues and their solutions will make a considerable difference in the protection of personnel, physical assets, and communication systems. Having these critical infrastructures continuously intact and operational will ultimately depend on the corrective actions applied by individual communities and their emergency response leadership.

If deemed noteworthy and relevant to CIP, the CIPIC will present in future InfoGrams some of the problem solutions discussed by the conference participants.

DHS Information Bulletin

Last week the Department of Homeland Security (DHS) issued an information bulletin: "Potential Terrorist Use of Official Identification, Uniforms, or Vehicles." DHS published it to advise owners and operators of the nation's infrastructures about the possible use by terrorists of official identification, uniforms, or vehicles to gain access to sensitive locations for purposes of planning or carrying out attacks. While DHS possesses no information indicating an organized effort by extremist elements to acquire these items, it has identified the recent theft or disappearance of large numbers of the referenced items.

The CIPIC reminds all readers to remain vigilant to the disappearance of, or unauthorized inquiries regarding official identification cards, badges, decals, uniforms, government license plates, and vehicles. Emergency response departments are encouraged to establish practices that account for missing items and to report suspicious incidents to the proper authorities.

Recognizing that possession of some combination of these items tends to reduce suspicion and might allow an individual or vehicle greater access to sensitive locations, DHS suggests the following protective measures:

• Keep comprehensive records of all official identification cards, badges, decals, uniforms, and license plates distributed, documenting any anomalies, and canceling access to items that are lost or stolen.
• Practice accountability of all vehicles to include tracking those that are in service, in repair status, or sent to resale or salvage.
• Safeguard uniforms, patches, badges, ID cards, and other forms of official identification to protect against unauthorized access to facilities, to include stripping all decommissioned vehicles slated for resale or salvage of all agency identifying markings and emergency warning devices.
• Check multiple forms of valid identification for each facility visitor.
• Verify the legitimate business needs of all approaching vehicles and personnel.
• Improve identification card technology to eliminate reuse or unauthorized duplication.
• Alert uniform store vendors of the need to establish and verify the identities of individuals seeking to purchase uniform articles.
• Ensure all personnel are provided a security briefing regarding present and emerging threats.

DHS Advisory (UPDATED)

The Department of Homeland Security (DHS) issued an advisory on 24 July entitled: Potential for Significant Impact on Internet Operations due to Vulnerability in Microsoft Operating Systems. DHS published this advisory in consultation with the Microsoft Corporation to heighten awareness of potential Internet disruptions resulting from the possible spread of malicious software exploiting a vulnerability in the following popular Microsoft Windows operating systems: NT 4.0, NT 4.0 Terminal Services Edition, Windows 2000, Windows XP, and Windows Server 2003. DHS expects that working exploits are currently being developed for malicious use.

An UPDATE to this advisory was issued on 30 July. The UPDATE indicates that several working exploits are now in widespread distribution on the Internet. These exploits provide full remote system level access to vulnerable computers. DHS and Microsoft are concerned that a properly written exploit could rapidly spread on the Internet as a worm or virus in a fashion similar to Code Red or Slammer. The UPDATE continues that no worm code has been reported; however, an Interned-wide increase in scanning for vulnerable computers over the past several days reinforces the urgency for updating affected systems.

Due to the seriousness of this vulnerability, DHS and Microsoft encourage system administrators and computer owners and operators to make the time to update vulnerable versions of MS Windows operating systems listed above as soon as possible. Microsoft updates, workarounds, and additional information are available at their website: http://v4.windowsupdate.microsoft.com/en/default.asp.

InfoGram DisasterHelp Transition

The weekly InfoGrams will soon be available to subscribers at the DisasterHelp.gov website (https://disasterhelp.gov/portal/jhtml/index.jhtml). This website, initiated in November 2002, is part of the President's Disaster Management E-government Initiative, which aims at greatly enhancing disaster management on an interagency and intergovernmental basis. The Federal Emergency Management Agency (FEMA) is the managing agency for this effort. The "e-gov" enterprise will focus initially on providing information and services relating to the four pillars of all-hazards emergency management: preparedness, response, recovery, and mitigation. It will eventually support a multitude of federal agency missions including FEMA's mission to reduce the loss of life and property and protect our institutions from all hazards.

On or about 6 August, all subscribers to the weekly CIP InfoGram will receive an electronic message: "Welcome to DisasterHelp and USFA CIP InfoGrams." The email will indicate that current subscribers have been pre-registered with DisasterHelp and it will request each user to re-subscribe following some simple steps involving approximately three minutes of time. A user name and temporary password will be provided. One step will ask individuals to complete an application. The final step will instruct applicants to change their password.

During the last several months, meticulous arrangements were made for a simplistic and expeditious InfoGram-user transition to DisasterHelp, as well as create a CIP portal that is truly quick and user-friendly. Please understand that each subscription step is important for both security and administrative purposes. Therefore, the CIPIC solicits your cooperation in completing all steps. Although no problems are anticipated, kindly contact the DisasterHelp Help Desk if you experience any difficulty: 800-451-2647.