InfoGram

February 24, 2005

NOTE: This InfoGram will be distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. For further information, contact the Emergency Management and Response - Information Sharing and Analysis Center (EMR-ISAC) at (301) 447-1325 or by email at emr-isac@fema.dhs.gov.

Physical Security Planning

The EMR-ISAC occasionally receives inquiries regarding physical security planning and measures for the stations or facilities of emergency response departments. Some of the queries were from organizations that had property stolen and want to prevent future incidents of theft. Recognizing the interdependent relationship between critical infrastructure protection (CIP) and physical security, the EMR-ISAC examined the basic measures of a time-efficient, cost-effective, and common sense approach to physical security by the departments and agencies of the Emergency Services Sector (ESS). The results of this examination are summarized as follows for the consideration of ESS leaders responsible for any type of physical location:

• Acquire the assistance of a physical security specialist (usually from a law enforcement agency) to conduct annual physical security vulnerability assessments to determine where improvements are needed.
• Randomly inspect the security and condition of all facilities, storage areas, and HVAC systems.
• Increase observation and scrutiny of all facilities, storage, and surrounding areas.
• Keep all doors (including apparatus bay doors) and windows closed and locked unless these access points are continuously monitored so intruders can be immediately intercepted.
• Use appropriate locking systems for all access points (e.g., single cylinder locks for solid core doors and double cylinder locks for doors with glass).
• Obtain a monitored security alert system for buildings, storage areas, etc., that are not always occupied and in regular use.
• Guarantee that all apparatus, vehicles, and equipment maintained in exterior parking or storage areas are always locked when unattended.
• Periodically test security systems, back-up power sources, and emergency communications.
• Initiate and enforce a reliable identification system for department personnel and property.
• Screen all visitors (including vendors) and deny entry to anyone who refuses inspection.
• Develop inspection practices for incoming deliveries including postal packages and mail.
• Implement a dependable visitor/vendor identification and accountability system that includes escorting non-department personnel as much as practicable.
• Restrict access to communication centers and equipment including computer systems and networks to the few essential department personnel and authorized technicians.
• Prepare an SOP containing the organization's physical security policy and practices.
• Train department personnel regarding the application and enforcement of all physical security measures.

Preparedness and Prevention

In the latest wide-ranging assessment of threats to American security, intelligence officials indicated that terrorist organizations remained intent on obtaining and using devastating weapons against the U.S. "It may only be a matter of time before al Qaeda or another group attempts to use chemical, biological, radiological, and nuclear weapons," said Porter Goss, new Director of the Central Intelligence Agency. An attack from covert al Qaeda operatives inside the U.S. is "the top threat" according to recent information gleaned from investigations and detentions.

Similarly, Defense Secretary Donald Rumsfeld warned last week that terrorist are "regrouping, recalibrating, and reorganizing for another strike." His remarks follow those of Ronald Noble, the head of Interpol, who said that the danger of another al Qaeda attack in America "has not diminished since 11 September 2001."

The leaders, owners, and operators of the Emergency Services Sector (ESS) understand that the next terrorist attack will directly affect their resources and capabilities in the general target area. In the past three years, countless ESS departments and agencies proactively revised plans, altered training, and upgraded equipment as time and money permitted. Several communities and their ESS leadership logically entered regional arrangements to synergize and bolster assets and capabilities.

However, there are concerns about localities where little preparedness and prevention has been accomplished. Some of these municipalities have severely restrained budgets and resources, but others perceive they are immune to attack because of their small size or remote location. Therefore, the EMR-ISAC recommends reconsideration by communities possessing such perceptions. Accepting that there are no impervious places in the nation, the EMR-ISAC suggests: "A couple ounces of preparedness and prevention are worth a couple pounds of response and recovery."

Communication/Cyber Issues

There is a rapidly growing threat to emergency communications and operations using wireless or cellular telephones. The threat is from cell phone jammers, which are the devices that interfere with signals and prevent reception. The jammers come in a variety of shapes and sizes and are being sold clandestinely throughout the country. Jamming devices are illegal to buy, sell, and use because they disrupt emergency calls and the public airwaves according to the Federal Communications Commission (FCC). Although the FCC Enforcement Bureau has not yet prosecuted a "jamming offender," they recognize the increasing curiosity about jammers causing people to want and to find them.

In an unrelated matter, the Federal Bureau of Investigation (FBI) warned this week that a computer virus is being spread through unsolicited electronic messages that purport to come from the FBI. Public and private computer users received emails that appear to come from an fbi.gov address. The messages direct recipients to open an attachment and answer questions. The computer virus is located in the attachment. "Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited emails to public and private citizens in this manner," the FBI said in a statement.

Independent Study Courses

There are four independent study courses that are immensely useful for Emergency Services Sector leaders and practitioners of critical infrastructure protection. These courses are available online through the National Emergency Training Center (NETC) Virtual Campus:

• IS-100, Introduction to Incident Command System
• IS-200, Incident Command System, Basic
• IS-700, National Incident Management System, an Introduction
• IS-800, National Response Plan (NRP), an Introduction

Due to an overwhelming demand for these courses, users may experience access problems and technical difficulty. The highest utilization time for students on the NETC Virtual Campus is from 10:00 a.m. to 6:00 p.m. EST. The help desk is processing requests as quickly as possible and work is ongoing to resolve any problems. Students may wish to access the system during non-peak hours. The NETC senior staff appreciates the patience and cooperation of all users.