InfoGram

August 18, 2005

NOTE: This InfoGram will be distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. For further information, contact the Emergency Management and Response - Information Sharing and Analysis Center (EMR-ISAC) at (301) 447-1325 or by email at emr-isac@fema.dhs.gov.

Another Case for Mutual Aid Agreements

First responders throughout the United States are widely accepted as the first line defense for all hazards. Nevertheless, numerous emergency departments and agencies in this country may not be fully prepared to survive, operate, and succeed when responding to incidents involving weapons of mass destruction (WMD). This possibility is partially indicated in a recent study by the National Association of Counties that found fewer than 10 percent of counties are ready for a bioterrorism attack.

Adequate preparations for a WMD attack require more money, equipment, training, etc., than many localities and emergency organizations can provide. The EMR-ISAC believes this reality creates a vulnerability to local critical infrastructures that cannot be ignored. These communities and their responders must be willing to accept assistance that will enable neighboring jurisdictions to share specialized resources rather than duplicate them in each municipality.

Emergency Services Sector experiences substantiate that the best strategy to build upon limited or non-existent WMD response capabilities is to develop mutual aid agreements to distribute essential resources. Mutual aid processes will help ensure that jurisdictions across the nation can benefit from each other's efforts to enhance their WMD response-ability. The EMR-ISAC submits that mutual and automatic aid agreements will significantly bolster the protection of the critical infrastructures belonging to WMD-affected communities and their emergency personnel.

Database of Computer Vulnerabilities

A computer worm targeting the Microsoft Windows 2000 operating system infected the computers of numerous major American corporations this week and notably disrupted their corporate operations. Microsoft (MS) experiences almost daily cyberattacks attempting to exploit any existing software vulnerabilities, because it estimates that MS Windows runs approximately 95 percent of the world's computers. This fact should be a matter of much concern for those emergency organizations using MS products.

The EMR-ISAC recognizes that Emergency Services Sector (ESS) communication/cyber systems are an internal and integral sector critical infrastructure that must be protected from degradation. ESS leaders will agree that prevention, protection, and response operations cannot be obstructed in any way by computer/cyber system failures.

The new National Vulnerability Database (NVD) from the National Institute of Standards and Technology (NIST) will make it easier for ESS system administrators to learn about vulnerabilities and how to remediate them. The NVD is a comprehensive database that integrates all publicly available U.S. government resources on vulnerabilities and provides links to many industry resources. NVD is built upon a dictionary of standardized vulnerability names and descriptions called Common Vulnerabilities and Exposures.

Updated daily, the NVD currently contains information on almost 12,000 vulnerabilities. It allows users to search by a variety of characteristics, including vulnerability type, severity and impact, software name and version number, and vendor name. NVD was developed by NIST researchers with support from the Department of Homeland Security's National Cyber Security Division. Go to http://nvd.nist.gov for more information about this database.

Target Capabilities List National Review

Homeland Security Presidential Directive 8 (HSPD-8) tasked the Secretary of Homeland Security to develop a national domestic all-hazards preparedness goal. As part of the goal, HSPD-8 requires the establishment of measurable readiness targets. To meet that requirement, the Department of Homeland Security (DHS) developed a Target Capabilities List (TCL-Version 2) that identifies 36 capabilities needed to effectively prevent, protect against, respond to, and recover from major events. The TCL represents a significant step forward in identifying and developing the capabilities needed to effectively secure the homeland.

The Goal and TCL were sent out for national review in previous iterations and, in the time since, additional consultation and collaboration have allowed DHS to further refine both documents. The DHS Office of State and Local Government Coordination and Preparedness (OSLGC) seeks a final round of review and comment from stakeholders prior to release of the Goal and TCL 2.0. Therefore, stakeholders of the Emergency Services Sector (ESS) are encouraged to review the draft documents and provide comments to OSLGC via the Lessons Learned Information Sharing website (www.llis.gov) through September 15, 2005.

Having examined the working group refinements to the TCL, the EMR-ISAC supports this most consequential endeavor. "Excellent participation by ESS leaders, owners, and operators will enable DHS to produce a final set of documents that will stand the test of time, protect critical infrastructures, enhance national preparedness, and meet the expectations of the American people."

Preparing for and Responding to Prison Emergencies

The National Institute of Corrections (NIC) recently published A Guide to Preparing for and Responding to Prison Emergencies: Self-Audit Checklists, National Survey Results, Resource Materials, and Case Studies. This 318-page guide is comprised of the following sections: introduction, conducting an audit, self-audit checklists, emergency preparedness, natural disaster/HazMat/fire/counterterrorism, Report on the National Survey of Emergency Readiness in Prisons, resource materials, leadership issues during crises, prevention of prison emergencies, emergency teams, prisons and counterterrorism, and case studies.

The EMR-ISAC suggests that the guide may have applicability to the emergency services outside of the prison walls, particularly those who would respond to incidents at a prison facility, as well as the corrections personnel working within America's prisons. This resource can be seen and downloaded from the NIC website at: http://www.nicic.org/pubs/2005/020293.pdf (PDF, 1.9 Mb, Adobe Acrobat (PDF) Help). A hardcopy version can be obtained from the following address: National Institute of Corrections (Attn: NIC Information Center) 320 First Street, NW, Washington, DC 20534.