InfoGram

June 12, 2003

NOTE: This InfoGram will be distributed weekly to provide members of the emergency management and response sector with information concerning the protection of their critical infrastructures. It has been prepared by NATEK Incorporated for the Emergency Preparedness and Response Directorate. For further information, contact the Emergency Management and Response - Information Sharing and Analysis Center (EMR-ISAC) at (301) 447-1325 or by email at emr-isac@fema.dhs.gov.

Interoperability and Continuity of Operations

Chief officers know that responding to major incidents requires effective planning, coordination, communication, and sharing of information among numerous first responder organizations. They recognize that improving interoperability is one of the most crucial steps local departments can take to ensure their response-ability. Frequently, interoperability refers to communication and computer links as the means of coordinating public safety operations across jurisdictions. However, in practice, interoperability is the ability of emergency personnel, their equipment, and systems to efficiently and consistently interface and operate with other agencies.

The CIPIC suggests that interoperability is all about seamless, coordinated, and integrated operations. In its relationship to critical infrastructure protection (CIP), interoperability specifically involves the following paramount actions:

• Intradepartmental and interdepartmental coordination before and during all operations.
• An immediate joint response to catastrophic manmade or natural disasters.
• Unification of local, state, and federal agencies for extended response and recovery operations.

While chief officers work to train and prepare their personnel to respond to a disaster, they must also assure their departments-as a whole-are ready. This means planning for the protection of personnel, physical assets, and communication systems (i.e., critical infrastructures) to guarantee continuity of operations. The CIPIC proposes that superb, sustained operations cannot be achieved without the 24/7 availability of department critical infrastructures.

Cyber-crime: A Threat to Critical Infrastructures

Although it may not create the same fear in people as the possibility of a chemical, biological, radiological, or nuclear attack, cyber-crime is a considerable threat to American communities and their critical infrastructures. In 2002, the number of domestic Internet criminal cases continued to dramatically increase, according to data released by the Cyber-Terror Response Center. With new types of cyber-crimes being invented everyday, according to the center, these crimes have the potential to seriously degrade or disrupt critical infrastructures (e.g., block emergency communications or cut off electricity and water).

In a related matter, the Department of Homeland Security (DHS) published an Information Bulletin, dated 6 June 2003, entitled: Mass Mailing Malicious Code-Worms and Viruses. In this bulletin, DHS reported an increase in the use of two mass mailing techniques to distribute malicious code via electronic mail (email). In the first, the virus/worm author sends emails with infected attachments to a relatively small number of email recipients, some who unwittingly click on the attachment and infect their machines, which begin to send the virus/worm to all of the addresses in the recipients' email address book.

In the second, the virus/worm author sends millions of emails with infected attachments to multiple "open proxy" machines on the Internet. The virus/worm author can hide the origin of the infected emails because they appear to originate from the many proxy machines that forwarded them. The threat posed by this technique is significant. Because the virus/worm is initially delivered simultaneously to millions of recipients, a large portion of the recipients' machines can be infected before anti-virus vendors can update users' anti-virus programs to block the virus/worm.

Organizations can protect against future email delivered malicious code by blocking all executable code at their email gateway. This simple countermeasure could substantially reduce the impact of malicious codes. For more information about cyber-crime, worms and viruses, or to report an incident, contact the DHS watch center at 1-888-585-9078 or at nipc.watch@fbi.gov.

What About Monkeypox?

Federal and state health workers continue to identify new cases of monkeypox virus infections in Midwesterners who came into contact with infected pet prairie dogs. Officials at the Centers for Disease Control and Prevention (CDC), as well as state health authorities in Illinois, Indiana, and Wisconsin, are aggressively attempting to contain the outbreak by tracing sales of possibly infected animals and the whereabouts of people who may have come in contact with them.

A CDC Fact Sheet explained that monkeypox is a rare viral disease that is found mostly in the rainforest countries of central and west Africa. "The disease is called 'monkeypox' because it was discovered in laboratory monkeys in 1958." In 1970, monkeypox was identified as the cause of a smallpox-like illness in humans living in remote African locations. The report of the disease in early June 2003 among several residents in the United States is the first evidence of community-acquired monkeypox virus infection in America.

The CDC Fact Sheet further revealed that the clinical features of monkeypox in humans begin with fever, headache, muscle aches, backache, swollen lymph nodes, a general feeling of discomfort, and exhaustion. "Within 1 to 3 days (sometimes longer) after onset of fever, the patient develops a papular rash (i.e., raised bumps). The lesions usually develop through several stages before crusting and falling off. The illness typically lasts for 2 to 4 weeks." It is important for emergency medical personnel to know the disease can be spread from person to person, but it is much less infectious than smallpox. Additional information can be obtained by visiting: www.cdc.gov/ncidod/monkeypox, or by calling the CDC public response hotline at 888-246-2675.

More Free Resources for Local Application

County Risk Management: Policy and Practice, is a training program for county officials and staff, and is designed for small and rural counties. The program is actually a course that discusses the basics of risk management, risk identification and assessment, risk analysis, and establishing a risk management program. The National Association of Counties (NACo) developed this course with the assistance of the Public Risk Management Association (PRIMA).

The National Center for Small Communities (NCSC) developed and published a new manual entitled: Limiting Small Town Liability: A Risk Management Primer. NCSC designed this user- friendly resource with the direct input of small community leaders of American towns, cities, and counties. The primer describes the risk management process and how it can be easily incorporated into current local government activities. It also introduces some risk management topics that are of particular interest to small communities. Furthermore, it provides planning and organizational tools to help small community leaders create a basic risk management plan.

Both of these resources are available for free download on the Public Entity Risk Institute (PERI) website at: www.riskinstitute.org/ptr.asp. To find each one, just click "choose a publication." Any difficulty accessing these free resources can be directed to PERI at 703-352-1846.