InfoGram

October 2, 2003

NOTE:This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical information systems. It has been prepared by NATEK Incorporated for the US Fire Administration. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at email at usfacipc@dhs.gov.

Applying Countermeasures

This is the sixth in a series of six brief articles that review the critical infrastructure protection (CIP) process as it applies to emergency first responders. The first ("A CIP Review"), the second ("Identifying Critical Infrastructures"), the third ("Determining the Threats"), the fourth ("Analyzing the Vulnerabilities"), and the fifth ("Assessing the Risks") articles can be seen in the 28 August, 4 September, 11 September, 18 September, and 25 September InfoGrams respectively.

Knowing the organizational critical infrastructures is the first step of the CIP process. The second step involves determining the "all-hazards" threats against each of these critical infrastructures. Analyzing the vulnerabilities of those critical infrastructures that are credibly threatened is the third step. The fourth step pertains to assessing the risks of doing nothing about threatened and vulnerable critical infrastructures. When the practitioner establishes that the risk of degradation or loss of a critical infrastructure is unacceptable because of potential catastrophic results, then he/she proceeds to applying countermeasures-the fifth and final step of the CIP process.

This last step of the process entails the implementation of actions (i.e., countermeasures or protective measures) that reduce or prevent the degradation or loss of a threatened and vulnerable critical infrastructure. Specifically, countermeasures mitigate or eliminate the vulnerabilities of threatened critical infrastructures, thereby protecting these infrastructures and preserving the ability of emergency response departments to perform their duties.

Possible protective measures differ in terms of feasibility, expense, and effectiveness. They can be simple or complex actions limited only by imagination and creativity. Therefore, department decision-makers must evaluate the impact of the degradation or loss of a threatened and vulnerable critical infrastructure on mission success versus the cost in scarce resources of applying countermeasures. Decisions to administer corrective measures will certainly influence personnel, material, and financial resources. These same decisions will inevitably drive a department's security budget as well as their associated action plans. Such is why it should be chief officers who have the responsibility to allocate necessary resources when and where risk is unacceptable.

Sometimes prohibitive costs or other factors make it impossible to employ countermeasures. In these cases, senior leadership must knowingly accept the risk of possible degradation or loss of a vulnerable critical infrastructure. CIP experts advise that high-risk personnel, physical assets, and communication systems (i.e. critical infrastructures) should be considered a loss to plans and operations if not protected.

A thorough explanation of CIP and the five-step process can be seen in the CIP Process Job Aid available as a Microsoft Word Document (81kb) to read and download at: http://www.usfa.fema.gov/fire-service/cipc/cipc-jobaid.shtm.

Evacuating the Disabled

The CIPIC has continuously espoused the preparation or revision and rehearsal of plans that thoroughly consider the protection of the critical infrastructures of emergency first responders. Recognizing the inherent dangers, it would be consistent to recommend CIP for all plans and procedures to find and evacuate disabled people during any type of disaster. Therefore, the CIPIC collected the following eleven insights for consideration by emergency departments that are preparing or revising plans for the evacuation of the disabled:

• Locate and identify the disabled within jurisdictions.
• Understand and document the disabilities of each individual.
• Record the physical features of each location when the disabled reside.
• Make special notes of the inherent dangers to first responders.
• Notate all other obstacles to a quick entry and evacuation of the person.
• Ensure dangers and rescue obstacles are included in department plans.
• Periodically rehearse plans and procedures for evacuating the disabled.
• Select disabled people with related skills and physical abilities to assist with plans, rehearsals, and emergencies.
• Recommend the disabled rehearse evacuation plans and responsibilities as practicable.
• Request the disabled to notify their local emergency department of any changes to their address or condition.
• Train CERT personnel regarding how they can assist during emergencies at facilities housing large numbers of disabled.

Chemical Protective Suits

The Defense Logistics Agency (DLA) recently issued a "warning alert" to emergency departments having chemical protective or battle dress overgarment suits acquired from Defense Reutilization and Marketing Offices (DRMO). DLA cautions that local first responders in possession of these older excess suits may be under the impression that they provide the same degree of protection of new protective suits issued to the military. The warning indicated that the older excess suits were provided in an "as is" condition and should be used for training purposes only, particularly if not contained in the original sealed bag.

The DLA further advises that those protective suits still sealed in the original bag can provide approximately 22 days of use when opened, but only if each suit remains in the sealed bag until immediately necessary for a genuine emergency. Those suits remaining sealed in the original bags will provide approximately 24 hours of continuous protection in an actual or confirmed chemical environment.

DLA urges that those suits still in their original sealed bags should not be opened until required for a real chemical incident. Any department with these suits from DRMO having questions or concerns about the DLA alert should call the following number: 1-800-532-9946.

Hepatitis Advisory

The Centers for Disease Control and Prevention (CDC), concerned about increased outbreaks of hepatitis A, have issued a multistate health advisory. The CDC advisory said any outbreaks should be looked at to see if they are related to O'Charley's restaurants. Most identified cases have onset dates clustered around early to mid-September. "An investigation to determine the source of the outbreak is under way," the advisory states.

Hepatitis A is a nonfatal disease with symptoms including nausea, diarrhea, fever, jaundice, fatigue, and loss of appetite. CDC's health advisory is meant to alert local and state health departments and officials about the possibility of exposure and does not require immediate action by health officials.

CIPIC DisasterHelp Initiative

After six weeks of advanced weekly notification, the CIPIC advises that this is the last InfoGram being sent directly to subscribers by electronic mail from the CIPIC.

In cooperation with the Federal Disaster Management E-Government Initiative, and to improve service to InfoGram subscribers, the weekly documents are now available at the DisasterHelp.gov website through a portal that is reasonably quick and user-friendly. DisasterHelp is a single Internet-based portal using cutting-edge information technology to provide disaster information and services to government agencies and non-government organizations.

USFA decided to enhance CIP information services to the emergency management and response sector by arranging for DisasterHelp to accommodate access to and facilitate the distribution of the InfoGrams and other vital CIP related information. Therefore, USFA encourages the nation's first responders to register with DisasterHelp.gov and subscribe to the weekly documents employing the explicit instructions available at: https://disasterhelp.gov/usfacip.html.

Alternatively, simply follow these directions:

• Open the DisasterHelp website at: https://disasterhelp.gov.
• Register for an account in the top right corner of the screen.
• Receive an email confirmation containing a username and password.
• Now apply to become a "verified user" at the left sidebar under "My Account."
• After your reference acknowledges your information, you will receive an email acceptance as a "verified user." (Be aware this action might take a few days.)
• When "verified," log into DisasterHelp and click on the "My DHelp Profile" link in the left sidebar under "My Account."
• Select USFA-CIP InfoGrams and follow all remaining instructions.

NOTE: Please complete the required application as best as possible. Immediately contact the DisasterHelp Help Desk if you experience any problems: 800-451-2647.