September 18, 2003
NOTE:This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical information systems. It has been prepared by NATEK Incorporated for the US Fire Administration. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or email at email at usfacipc@dhs.gov.
This is the fourth in a series of six brief articles that review the critical infrastructure protection (CIP) process as it applies to emergency first responders. The first ("A CIP Review"), the second ("Identifying Critical Infrastructures"), and the third ("Determining the Threats") articles can be seen in the 28 August, 4 September, and 11 September InfoGrams respectively.
Knowing the organizational critical infrastructures is the first step of the CIP process. The second step involves determining the "all-hazards" threats against each of these critical infrastructures. This article will review the necessity to analyze the vulnerabilities of those critical infrastructures that are credibly threatened-the third step of the CIP process. Specifically, once department leaders confirm that there is a deliberate (people), and/or natural (disasters), and/or accidental (HazMat accident) threat, the CIP process guides the practitioner to a vulnerability analysis of only those critical infrastructures against which a threat exists. It is imprudent to perform this and the following steps of the process for critical infrastructures that are not credibly threatened. Such actions will only squander precious time and resources.
A vulnerability is the weakness in a critical infrastructure that renders the infrastructure susceptible to degradation or destruction by the source of the threat. An effective vulnerability analysis will examine each threatened infrastructure from the "threat point of view." In other words, the analysis will seek to understand the ways by with each threat might disrupt or destroy each particular infrastructure because of existing vulnerabilities. The eventual mitigation or elimination of present weaknesses (vulnerabilities) cannot be accomplished without knowing what or where they are!
A thorough explanation of CIP and the five-step process can be seen in the CIP Process Job Aid available as a Microsoft Word Document (81kb) to read and download at: www.usfa.fema.gov/fire-service/cipc/cipc-jobaid.shtm.
It is common knowledge that hurricanes, regardless of category, are capable of substantial destruction and even loss of life. Too often, throughout the history of this nation, hurricanes have attacked, degraded or destroyed critical infrastructures. Although it is more inconvenient than dangerous when communities lose their public utilities, it becomes life threatening when emergency services are lost for any reason. This is why emergency first responders located in states susceptible to hurricanes have implemented numerous measures to ensure their uninterrupted response-ability during and immediately after these major storms.
Recognizing that Hurricane Isabel will attack the East Coast of the United States, the CIPIC collected some lessons-learned by emergency departments after previous hurricanes. Believing that a few of these lessons may provide insights when preparing for future weather events, they are listed as follows for further consideration by affected emergency responders:
According to Department of Homeland Security (DHS) Information Bulletins, dated 12 and 16 September, analysts believe terrorists will utilize novel methods to attack American critical infrastructures. These adversaries have already demonstrated capabilities to recruit and employ suicide bombers who artfully conceal their devices in jackets, shoes, belts, vests, gym bags, and briefcases. The emergency services must be aware of the potential for terrorists to use multiple suicide/homicide bombers in which the first attack is designed to cause casualties and draw first responders to the scene specifically to expose them to a second attack.
Additionally, terrorist interest in toxic chemical materials and delivery methods has been growing and probably will increase further in the near term. Reasons for this include the relative ease with which some materials can be acquired and produced, the potential for large numbers of casualties and psychological impact on the targeted population, and disruption at the scene of the event and to related infrastructures. Captured documents indicate that terrorists have designed a chemical dispersal device fabricated from commonly available materials designed to asphyxiate its victims. Little or no training is required to assemble and deploy such a device due to its simplicity.
Considering these threats, DHS security experts suggest the following (minimum) protective measures for emergency first responders, who comprise a national critical infrastructure:
Emergency planners without a budget for off-the-shelf disaster management software can download free of charge an interactive program from the Federal Emergency Management Agency (FEMA). The Disaster Management Interoperability Services (DMIS) program allows real-time sharing of response and recovery data and graphics. DMIS also includes federal agency mapping capabilities in a secure, web-based environment among fire, rescue, police, medical, and any other responder group. Many DMIS functions can be performed without Internet access.
"Because DMIS is a set of tools, emergency managers don't have to change their business practices to use it," according to Mark Zimmerman, DMIS program manager. FEMA is working with IBM, Microsoft, Oracle, and other hardware and software vendors to ensure that emergency responders will be able to operate DMIS from any computing environment, he said.
For more information about DMIS, contact Scott Eyestone, DMIS responder liaison team leader at (540) 288-5622. Alternatively, register for DMIS at www.disasterhelp.gov.
The U.S. Fire Administration/EMR-ISAC does not endorse the organizations sponsoring linked websites, and does not endorse the views they express or the products/services they offer.
This INFOGRAM may contain copyrighted material that was not specifically authorized by the copyright owner. EMR-ISAC personnel believe this constitutes "fair use" of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond "fair use," you must obtain permission from the copyright owner.
DHS and the FBI encourage recipients of this document to report information concerning suspicious or criminal activity to DHS and/or the FBI. The DHS National Operation Center (NOC) can be reached by telephone at 202-282-9685 or by email at NOC.Fusion@dhs.gov.
The FBI regional phone numbers can be found online at www.fbi.gov/contact/fo/fo.htm
For information affecting the private sector and critical infrastructure, contact the National Infrastructure Coordinating Center (NICC), a sub-element of the NOC. The NICC can be reached by telephone at 202-282-9201 or by email at NICC@dhs.gov.
When available, each report submitted should include the date, time, location, type of activity, number of people and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.
Weekly INFOGRAM's are now available as an RSS Feed. More Information »
Last Reviewed: Historical Document
Happy New Year! Add this resolution to the top of your list: test all home smoke alarms each month - starting today! January 1, 2013 @ 10:04 AM ET
U.S. Fire Administration, 16825 S. Seton Ave., Emmitsburg, MD 21727 | USNG: 18SUJ00529652
(301) 447-1000 Fax: (301) 447-1346 Admissions Fax: (301) 447-1441
