InfoGram

June 30, 2005

NOTE: This InfoGram will be distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. For further information, contact the Emergency Management and Response - Information Sharing and Analysis Center (EMR-ISAC) at (301) 447-1325 or by email at emr-isac@fema.dhs.gov.

Combating Complacency

For nearly four years the United States has enjoyed the absence of transnational terrorism. Much credit for this lull belongs to the many public and private organizations that urgently modified their plans, training, and operations to prevent and protect against the next man-made disaster. Despite severely limited resources, these departments and agencies avoided mediocrity by improving their capabilities to deter or mitigate the catastrophic effects from all hazards.

Nevertheless, early this week members of a 9/11 panel cited current gaps in the nation's security and expressed concern that several federal, state, and local leaders may be "falling into a false sense of complacency." Some panelists said they see creeping complacency in the public and private sectors, "because there has not been a terrorist attack in the country in almost four years." They also articulated apprehension about the increasingly difficulty to focus attention on the continuing threats and existing vulnerabilities throughout America.

Recognizing al Qaeda's ongoing long range target planning, the Homeland Security Advisory System remains at Threat Level Yellow (Elevated). Therefore, the EMR-ISAC encourages Emergency Services Sector organizations to prolong efforts against complacency by considering the following reflective questions about terrorism readiness and response-ability:

• Are leaders more knowledgeable and capable to manage an attack in their jurisdiction?
• Have personnel been thoroughly trained to successfully perform in all-hazards?
• Have there been deliberate actions to identify and protect internal critical infrastructures?
• Are emergency and/or contingency plans ready for any type of man-made disaster?
• Have leaders arranged for regional response options to maximize capabilities?
• Have revised plans been coordinated and rehearsed with all mutual aid partners?
• Has the National Incident Management System and the Incident Command System been incorporated into plans and operations?
• Is the organization receiving EMR-ISAC CIP (FOUO) Notices about threats and vulnerabilities? (If not, see the directions at https://disasterhelp.gov/usfacip.html.)

Cybersecurity Update

Computers have become an integral part of the Emergency Services Sector (ESS). Thousands of sector organizations (e.g., 6,500 9-1-1 Call Centers) depend on computers to such an extent that day-to-day operations are significantly hindered when the computers are "down." Furthermore, unprecedented interdependencies have created vulnerabilities and potential major disruptions in ESS services such as computer dispatching. Persistent movement to complex, distributed, client-server and heterogeneous configurations with distributed management actually worsens the situation. Since new electronic vulnerabilities are found routinely and computer security improvements are often late and lacking in quality, ESS agencies may need some help to ensure electronic survivability and continuity.

Although computers cannot be completely immune to attacks, there are ways to ensure the overall security of each system. The US-CERT is a center of Internet security expertise located at the Software Engineering Institute, which is a federally funded research and development center operated by Carnegie Mellon University. US-CERT developed security practices and training for computer managers and technical personnel. Its website for cybersecurity to include contact information is: http://www.cert.org.

The US-CERT can assist with the following practices that have relevance to ESS information technology systems:

• Protect against future cyber attacks.
• Harden and secure systems by establishing secure configurations.
• Prepare for intrusions by getting ready for detection and response.
• Quickly detect any intrusions.
• Respond to intrusions to minimized damage.

More about these practices and other security improvements can be found at: http://www.cert.org/security-improvement/

Emerging Infectious Diseases Journal

Infectious diseases whose incidence in humans have increased in the past two decades or threaten to increase in the near future have been defined as "emerging." The Emerging Infectious Diseases Journal represents the scientific communications component of the Centers for Disease Control and Prevention (CDC) effort against the threat of emerging infections. While addressing CDC's interest in the elusive, continuous, evolving, and global nature of infectious diseases, the journal relies on a broad international authorship base and is rigorously peer-reviewed by independent reviewers from all over the world.

Emergency medical personnel and other interested personnel of the Emergency Services Sector can acquire a free subscription to the Emerging Infectious Diseases Journal or, alternatively, can read it online at http://www.cdc.gov/ncidod/eid/index.htm.

Disaster Resistance and Resilience

Communities throughout the United States face many natural hazards with the potential to cause loss of lives, severe disruption to essential human services, and substantial economic and property damage. Often, the burden of developing and implementing emergency policies, plans, and programs falls on local jurisdictions. Although there is growing recognition of the need for long-term coordination to reduce risk from disasters, many communities experience difficulty in developing and initiating disaster prevention and protection measures.

Research substantiates that reducing risk from all hazards requires an integrated approach achieved through a collaborative planning process including decision-makers within local government, urban planners, city managers, emergency managers, fire marshals, fire and police chiefs, etc. The Partners for Disaster Resistance & Resilience was formed to have organizations, agencies, and communities enhance their capacity to reach their goals as they relate to disaster resistance and resilience. The partnership was successfully tested at multiple jurisdictions in the State of Oregon.

The leaders of the Emergency Services Sector interested in reviewing the many lessons-learned by the partnership can access the final report at the following link: http://www.riskinstitute.org/newsite/uploads/PDR_FinalReport_04_22_05.pdf (PDF, Adobe Acrobat (PDF) Help).