October 5, 2006 InfoGram

This InfoGram will be distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. For further information, contact the Emergency Management and Response - Information Sharing and Analysis Center (EMR-ISAC) at (301) 447-1325 or by email at emr-isac@fema.dhs.gov.

COOP Planning Update

Today's threat environment and the potential for a no-notice crisis, including localized acts of nature, hazardous material accidents, technological emergencies, and terrorist attacks have increased the need for Continuity of Operations (COOP) capabilities and plans that enable emergency departments and agencies to maintain their indispensable operations across a broad spectrum of disasters.

The Emergency Management and Response-Information Sharing and Analysis Center (EMR-ISAC) affirms that COOP and critical infrastructure protection (CIP) planning are mutually inclusive and interdependent, particularly for the Emergency Services Sector (ESS). COOP plans ensure that vital services are continuously available without any disruption or incapacitation. However, it must be clear that COOP will be degraded unless an organization's critical infrastructures remain intact and fully operational. Indeed, COOP is a desired outcome of CIP, but quality COOP also bolsters effective CIP.

The goal of every ESS entity should be to have a plan in place that specifies straight-forward, step-by-step recovery and reconstitution procedures to follow during and after a man-made or natural disaster. Therefore, to promote the preparation of a COOP plan with benefits for CIP, the EMR-ISAC offers the following salient points or lessons-learned about COOP planning from varied recent sources:

• Study the jurisdictional environment and the probable threats against it.
• Examine and understand the legal factors affecting the preparation of a COOP plan.
• Establish basic concepts to guide the planning effort.
• Identify and document essential operations, functions, and responsibilities.
• Draft the plan ensuring continuity of authority, succession of key personnel, individual responsibilities, and implementation strategies.
• Include procedures discussing the appropriate and timely execution of the plan.
• Address plan activation involving personnel, equipment, records, and supply relocation.
• Attend to the performance of essential functions and how to return to normal operations.
• Outline programs for training, testing, and exercising to guarantee preparedness.
• Incorporate a multi-year strategy for maintaining the plan.

Emergency Services Data and Identity Theft

The United States Computer Emergency Readiness Team (US-CERT) examined recent trends involving the acquisition of personally identifiable information (PII) by unauthorized, malicious felons. PII generally consists of pieces of information that locate and identify people. These are data that uniquely describe an individual such as full name, email address, postal address, telephone number, driver's license number, social security number, and also unusual physical characteristics (e.g., fingerprints, scars, tattoos, etc.).

The Emergency Management and Response-Information Sharing and Analysis Center (EMR-ISAC) reviewed the recorded experiences of numerous Americans whose PII was accessed by cyber-criminals or inadvertently divulged by their employer. The EMR-ISAC learned that identity theft often leads to adverse consequences beyond financial loss. People frequently suffer from the lawlessness of offenders who impersonate their victims during criminal acts and a variety of fraudulent activities. Confronted with inquiries about their reputation, wrongdoings, and no credit rating, many victims displayed tremendous annoyance, frustration, and embarrassment accompanied by diminished morale, emotional distress, clinical depression, and even loss of work.

To protect their first responders from these undesirable and detrimental possibilities, the EMR-ISAC urges Emergency Services Sector (ESS) leaders to ensure the outstanding security of information systems that support their administration and operations. Additionally, ESS organizations should train their personnel regarding how to protect themselves from identity theft. Safeguarding organizational and personnel data from illicit intrusions will enhance continuity of operations, response-ability, and critical infrastructure protection.

Visit http://www.us-cert.gov/cas/tips/ST05-019.html as one source for more information.

A Cyber Tool for Updates

The Emergency Management and Response-Information Sharing and Analysis Center (EMR-ISAC) observed that a cyber tool can simplify research and keep Emergency Services Sector (ESS) personnel updated on many facets of critical infrastructure protection.

A recent article posted on a law-enforcement-sponsored website discussed the abundance of information available through an auxiliary service at the Google.com web portal. The service consists of no-cost "Google Alerts" that generate research and updates based on the type of search alert a user specifies. Search alerts are written for topics of interest. Subsequently, the user receives electronic mail (HTML or plain text) at chosen time intervals (one/day, one/week, or "as it happens") for newly published references that contain the topic of interest.

For example, a first responder can set up an account to write Google alerts regarding changes to, or emerging trends in equipment, apparatus, cyber issues, grants and funding, training, product recalls, or personnel safety. Currently, four types of alerts are available: news, web, news and web, and groups (a given Google Group search).

Up to ten alerts per individual electronic address can be created at a time. The alert service includes mechanisms to manage a user's alerts, as well as an advanced search page that allows an individual to refine his desired information if too many "off-topic" results are received. No user electronic addresses are shared, sold, traded, revealed, publicized, or marketed.

The EMR-ISAC views Google alerts as a potentially rewarding and user-friendly research tool for ESS organizations. For additional information and to set up free alert searches, visit http://www.google.com/alerts.

ESS Equipment Degradation Potential

Recognizing that the handheld radio is a common communications and survival tool in the Emergency Services Sector's (ESS) portfolio of critical infrastructure equipment, the Emergency Management and Response-Information Sharing and Analysis Center (EMR-ISAC) reviewed the National Institute of Standards and Technology (NIST) study of the effects of heat on responders' handheld radios.

NIST conducted the DHS-funded study to evaluate the general performance of portable radios at elevated thermal conditions, to identify shortcomings, and to suggest standards for the radios. Three representative portable radios from three different manufacturers were tested in a wind tunnel designed to simulate thermal conditions at three different degrees of intensity that responders are equipped to withstand (Thermal Class 1, max. temp 212°F for 25 minutes; Thermal Class 2, max. temp 320°F for 15 minutes; and Thermal Class 3, max. temp. 500°F for 5 minutes). The listed maximum operating temperature of the radios was 140°F.

No radios survived the Thermal Class 2 test and cool-down period. During a 15-minute test at 320°F, one radio failed at 8.5 minutes, while two others suffered such significant performance problems as transmission and reception shutdown to signal degradation or fluctuation.

Important for responder organizations to know is that researchers discovered portable radios inside pockets or turnout gear "fared much better" during the tests. For example, all radios survived temperature tests at Thermal Class 1 and 2 maximum heats and times. Pocket-protected radios also survived Thermal Class 3, but not their exposed cords, speakers, and microphones. Researchers suggested small design changes that could allow all protected radios to reach a Thermal Class 3 rating.

Emergency personnel can read and download the 24-page report, Testing of Portable Radios in a Fire Fighting Environment, NISTIR 1477, by visiting http://fire.nist.gov/bfrlpubs/fire06/art008.html.