February 9, 2006 InfoGram

This InfoGram will be distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. For further information, contact the Emergency Management and Response - Information Sharing and Analysis Center (EMR-ISAC) at (301) 447-1325 or by email at emr-isac@fema.dhs.gov.

Security Dangers

Early this month, Director of National Intelligence John Negroponte told the Senate Select Committee on Intelligence about the accelerating dangers to American critical infrastructures from terrorist groups, proliferation networks, alienated communities, charismatic individuals, narcotraffickers, and microscopic influenza. He especially emphasized the threats from weapons of mass destruction, political instability around the world, the rise of emerging powers, and the spread of the jihadist movement.

The Emergency Management and Response-Information Sharing and Analysis Center (EMR-ISAC) analyzes daily critical infrastructure protection (CIP) information from around the United States. This center specifically watches for the all-hazard perils to the critical infrastructures of Emergency Services Sector (ESS) organizations and the communities they serve. By doing so, the EMR-ISAC learned of other dangers in addition to those in the preceding paragraph that may threaten ESS departments and agencies: natural disasters, hazardous material accidents, energy and environmental issues, immigration and demographic matters, and gangs.

Further study confirms the potential for most of these threats to degrade or incapacitate ESS internal critical infrastructures. Therefore, the EMR-ISAC reminds sector leaders to give particular attention to the protection of following operational prerequisites: command and control nodes, communications and cyber systems, multiagency coordination and mutual aid arrangements, and equipment and facilities. ESS leaders nationwide generally understand that these fundamentals must be intact 24x7 in order for sector personnel to deliver their essential life- and property-saving services.

Closing the Gaps

The EMR-ISAC continues to hear and read about Emergency Services Sector (ESS) organizations across the United States working to close the gaps that exist in current levels of critical infrastructure protection (CIP) and emergency preparedness. This progress is certainly encouraging despite the fact that more needs to be done to ensure the survivability, continuity, and response-ability of the personnel, physical assets, and communication/cyber systems (i.e., critical infrastructures) of ESS departments and agencies.

Most man-made and natural disasters have been complicated, demanding, and confusing. As it was in the past, future all-hazard incidents will require well structured, thoroughly exercised, and excellently managed mission-oriented procedures for coordinated execution by all ESS components (e.g., law enforcement, fire and HazMat, search and rescue, emergency medical services, and emergency management).

Time-efficient and resource-restrained CIP requires ESS components to fully integrate into an organized system of mutually shared protection and response objectives and activities. EMR-ISAC research substantiates that deliberate information sharing, joint planning, cross-training, and exercising will help diminish the barriers sometimes existing between and among first response agencies. Knowledge and appreciation of each organization's capabilities (e.g., strengths and weaknesses) to protect itself and respond when needed ultimately enhances the success of CIP and emergency preparedness within communities and regions.

Preparing for Coordinated Terrorist Incidents

Multiple explosions on four commuter trains only minutes apart in Madrid, Spain, in 2004, received international attention. The event exemplified a specific type of emerging incident that has important implications for the ways Emergency Services Sector (ESS) organizations protect internal critical infrastructures.

Coordinated terrorist incidents with assaults including elements occurring simultaneously or nearly so are increasing worldwide. This fact confirms that terrorist groups with accomplices have raised their operational sophistication to maximize the damage inflicted and to send a message that they can spatially cover many areas at the same time.

An article in the FBI Law Enforcement Bulletin, co-written by the director of research at the Memorial Institute for the Prevention of Terrorism (MIPT), explains the three main categories of coordinated terrorist incidents to help ESS departments and agencies plan, train, and organize to protect organizational essential resources, a critical infrastructure protection (CIP) measure promoted by the EMR-ISAC. The full article can be viewed at the following website: http://www.mipt.org/pdf/FBI-LEB-May-2005.pdf (PDF, 1.8 Mb, Adobe Acrobat (PDF) Help).

The authors of this article make the following suggestions:

• Decentralize equipment and personnel to better respond to multiple incidents at numerous locations. Grouping resources at a central location could become a liability if attacks occur at opposite extremes of the operational area or if personnel and equipment become the targets.
• Resist deploying all resources or "hyper-responding" for two reasons. First, sending all personnel and equipment to an initial attack could trap all responders in the case of a secondary attack. Second, dispersed attacks or other types of routine emergencies elsewhere will require their own resources.
• Plan, exercise, and train with all ESS disciplines and any other agencies that could be involved in a response. Add coordinated attack response to the playbooks for the emergency operations plan. Also, do not overlook command-level issues (e.g., whether to designate single or multiple incident commanders at dispersed locations).
• Protect the force by anticipating a secondary attack on first responders and planning to take such crucial and coordinated steps as securing a perimeter well away from the first assault, sweeping for secondary devices, and monitoring, photographing, and interviewing bystanders.

Emergency Response to Transit Hijackings

Emergency Services Sector (ESS) departments and agencies continue to respond to a wide range of challenging incidents and disasters. Among them are circumstances that might be unusual, atypical or even a "first" for a particular jurisdiction. The EMR-ISAC recognizes that these situations may potentially jeopardize the internal critical infrastructures of responding organizations.

The Federal Transit Administration (FTA) of the U.S. Department of Transportation (DOT) offers training for ESS personnel on a variety of common and uncommon topics. Two free FTA one-day seminars for first responders are among those scheduled at various locations in upcoming months.

Threat Management and Emergency Response to Bus Hijackings Seminar (FT00463) and Threat Management and Emergency Response to Rail (Train) Hijackings (FT00532) cover an introduction to terrorism tactics; the history and trends in weapons of mass destruction threats; identification of flaws in facility and vehicle design and operations; development of an emergency response plan; bus and rail accessibility; managing the media; and field exercises.

These seminars will be offered in a total of five cities between March and July 2006, but represent only a sampling of free or low-cost responder training conducted by the FTA. To learn about future training opportunities, interested ESS leaders can "bookmark" and periodically visit: http://transit-safety.volpe.dot.gov/training/courses/schedule.asp. Visit the following website for free downloadable emergency-related publications: http://transit-safety.volpe.dot.gov/emergency/preparedness/default.asp.