InfoGram

October 16, 2003

NOTE:This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical information systems. It has been prepared by NATEK Incorporated for the US Fire Administration. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at usfacipc@dhs.gov.

USFA CIPIC: The Sector ISAC

Over two years ago, the U.S. Fire Administration (USFA) Critical Infrastructure Protection Information Center (CIPIC) was designated the Information Sharing and Analysis Center (ISAC) for the emergency management and response sector of the United States. As the sector liaison and coordination office, the ISAC primarily exists to facilitate the efficient movement of consequential security-related critical infrastructure protection (CIP) information between the federal government and the FEMA Regional Directors, emergency managers, national fire associations, state fire marshals, and thousands of local fire and emergency medical service departments throughout the nation.

The CIPIC operates the ISAC at the USFA headquarters in Emmitsburg, MD. The goal of the ISAC is to build an information sharing program that will make a major difference in the critical infrastructure protection of emergency first responders, particularly in regards to their survivability, continuity of operations, and mission success. It is a unique entity because all emergency managers, fire, and emergency medical personnel-career and volunteer-are automatically members of the ISAC. This uniqueness creates a significant challenge for the ISAC considering the monumental difficulty of reaching and exchanging information with all sector leaders.

In a major endeavor to meet this challenge, the CIPIC/ISAC coordinated extensively with FEMA's DisasterHelp.gov website managers. The website is part of the President's Disaster Management Electronic Government Initiative that provides the emergency management community with disaster information and services. With the assistance of website managers, the CIPIC/ISAC developed and initiated a reasonably quick and user-friendly CIP portal as a means of enhancing information services for its sector. By using this high-tech, Internet-based portal, any verified user of DisasterHelp can access weekly InfoGrams as well as other vital CIP related information. To register, members of the sector complete a simple online application that includes basic information about their identity and location. This essential data will enable the CIPIC/ISAC to target specific localities, states, or regions for distributing timely and relevant CIP information.

Members of the emergency management and response sector can become registered users of DisasterHelp and verified for InfoGram access by following the directions at: https://disasterhelp.gov/usfacip.html.

Key Considerations for Resilient Critical Infrastructures

The CIPIC proposes that events during this new century necessitate a "paradigm shift" for the chief officers of emergency response departments. Traditional thoughts about "preparedness and response" may have to be shifted to "anticipate and adjust" to continuously changing status and circumstances. The CIPIC further suggests it is imperative to make this conversion of attitude and behavior to ensure the resiliency of department critical infrastructures.

To assist the emergency management and response sector leadership with transformational activities, the CIPIC offers the following CIP and OPSEC considerations to bolster the resiliency of critical infrastructures. However, it must be understood that they are the minimum essential concerns listed simply to promote conducive thoughts and actions.

Key Critical Infrastructure Protection (CIP) Considerations:

• The personnel, physical assets, and communication systems (i.e., critical infrastructures) that must intact and operational 24/7/365 should be identified.
• Where and how these critical infrastructures are vulnerable to adversary activities must be determined.
• There should be deliberate planning to protect vulnerable critical infrastructures before, during, and after response operations.
• Critical infrastructures not protected from degradation or destruction should be considered a loss to operations.

Key Operations Security (OPSEC) Considerations:

• Training techniques and rehearsals should be protected from public dissemination and observation.
• Adversaries must be denied the advantage of knowing how emergency personnel will respond to incidents.
• Enemies who know how first responders operate can situate secondary devices, etc., to disrupt a quality response.
• Assume terrorists know how to degrade or prevent emergency responses unless information pertaining to plans, training, and operations is protected from their collection activities.

Planning Mass Casualty Operations

For those emergency management agencies considering the preparation of or revision to mass casualty plans, the CIPIC offers the following actions adapted from those obtained online and initially written by David Lind, a U.S. Navy Disaster Preparedness Operations and Training Specialist, Naval Air Station Whidbey Island, Oak Harbor, WA:

• Identify the different types of disasters that can be expected.
• Assess how these disasters would affect mass casualty operations.
• Anticipate casualties for each type of disaster.
• Estimate the number of casualties that would exhaust available resources.
• Determine who, where, and how collection and triage would be managed.
• Decide what resources would be needed to evacuate casualties.
• Ascertain the evacuation capabilities of local public transportation.
• Understand geographical realities versus available transportation.
• Identify the physical obstacles/limitations to successful evacuation.
• Select the routes, bridges, tunnels, etc., for one-way traffic only.
• Choose the routes to be dedicated exclusively for emergency personnel.
• Comprehend how power outages would affect triage and evacuation.
• Initiate a CERT program to train a force of capable civilian helpers.

Drill for the Flu

New York Times.com reported that the Fire Department of New York (FDNY) recently decided it would exercise a little innovation to prepare for the flu season. Primarily to test how quickly firefighters and emergency medical personnel could be vaccinated in the event of a bioterrorist attack, the FDNY will simulate its response to a smallpox outbreak by practicing vaccine inoculations on employed personnel. In reality, however, "the estimated 700 emergency workers participating will get their annual flu shots."

As part of the drill, FDNY will call off-duty personnel at home to report to work in a procedure known as "recall." The department's chief medical officer said that it was crucial for FDNY to have a swift plan in place so firefighters and emergency medical workers could be inoculated and continue to perform their rescue duties. She continued: "What we're going to try to do is test our ability to pass out vaccines to our members in a rapid fashion." The fire commissioner said also that this drill should enable the department "to take away important lessons and useful practices that will help us in future planning."