InfoGram 13-07: April 5, 2007
This InfoGram will be distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. For further information, contact the Emergency Management and Response - Information Sharing and Analysis Center (EMR-ISAC) at (301) 447-1325 or by email at emr-isac@fema.dhs.gov.
INFOSEC Enhances CIP
As part of their critical infrastructure protection (CIP) practices, the Emergency Management and Response—Information Sharing and Analysis Center (EMR-ISAC) encourages Emergency Services Sector (ESS) organizations to implement Information Security (INFOSEC) when conducting the daily business of department or agency operations. INFOSEC is a necessary discipline to protect sensitive but unclassified information susceptible to adversary intelligence collection activities.
There are several areas where ESS organizations are vulnerable to the scrutiny of domestic and transnational terrorists. This pertains particularly to emergency response information that generally includes matters about personnel, equipment, structures, operations, plans, and training. Therefore, to avoid drawing attention to responder activities and inadvertently telegraphing vulnerabilities for adversaries to target, ESS departments and agencies should protect internal critical infrastructures with the following low-cost actions (not inclusive) obtained from multiple counterterrorism sources:
- Refuse discussion of sensitive information on unsecured communication devices.
- Shred all unneeded documents about personnel, plans, operations, training, and equipment.
- Stop leaving sensitive documents (e.g., CIP FOUO Notices) unattended regardless of location.
- Avoid discussions about sensitive issues in unsecured areas.
- Screen all information that will be released to the public through any medium.
- Evade “phishing” attacks that use email or malicious websites to solicit sensitive information.
- Remove the following sensitive information from websites and all other information sharing venues:
  - Proprietary information including diagrams, drawings, program summaries, and meeting notes.
  - Incident records, Standard Operating Procedures (SOPs), Standard Operating Guidelines (SOGs), directives, administrative regulations, publications, and directories.
  - Personnel rosters and phone lists indicating leadership positions, where personnel fit in the organization, and where they reside.
  - Memoranda and correspondence that might include passwords, specific activities, personal information, purchase orders, and account names and numbers.
The EMR-ISAC understands that ESS organizations desire to keep their citizens informed and confident regarding the capabilities of their local first responders. Consequently, decision makers must find the right balance between public information and information security to accomplish both, while simultaneously reducing the vulnerabilities of the department or agency.
More Emphasis on Catastrophic Planning
The Emergency Management and Response—Information Sharing and Analysis Center (EMR-ISAC) recognizes that emergency management officials at all levels of government are diligently working to strengthen plans and formalize mutual aid agreements that will serve the nation well for the disasters most common in the United States. To bolster critical infrastructure protection (CIP) in the planning process, the EMR-ISAC identified six best practices for disaster planning from Department of Homeland Security sources. A brief listing of the major practices having likely CIP benefits for Emergency Services Sector organizations follows:
- Consult and comprehend the National Response Plan before drafting or revising emergency operations plans and planning processes.
- Understand and apply collaborative planning as part of “steady state” preparedness.
- Ensure basic plans adequately address all catastrophic events, continuity of operations, and continuity of government.
- Specify a clearly defined command structure and procedures for communicating among all operational components.
- Guarantee the inclusion of quality evacuation planning and actions.
- Prepare resource management annexes that completely describe the means, organization, and process to obtain, allocate, track, and transport resources to meet operational requirements and resolve potential shortfalls.
Considering the criticality of effective disaster planning, the EMR-ISAC suggests that implementation of the above listed practices will help to enhance the survivability and continuity of local jurisdictions and their emergency response capabilities. Hence, more emphasis on catastrophic planning must be encouraged and supported throughout the urban, suburban, and rural areas of the nation.
Computer Utilization in ESS Vehicles
The Emergency Management and Response—Information Sharing and Analysis Center (EMR-ISAC) explored existing problems surrounding the utilization of computers in emergency vehicles and the possible risks to Emergency Services Sector (ESS) personnel. While studying the issues, the EMR-ISAC learned that equipment configuration and tactical training can positively or negatively affect the most critical of infrastructures within any organization.
In his article, “Is Your Patrol Car Computer Going to Kill You?” at Officer.com, author Jim Donahue explains that emergency vehicles are becoming mobile offices equipped with an array of technology and hardware. Although essential to mission success, computers need to be configured to be ergonomically correct and mitigate user distraction. Responders also need to protect themselves while using computers in their vehicles.
End-user input is vital to the successful implementation of vehicle-borne computers. Suggestions by prospective users can be tremendously helpful before and after technology purchases, upgrades or changes. One department invited vendors to outfit vehicles for ESS members to use for two months before purchasing decisions were made. According to feedback from across the country, end-users strongly recommended:
- Installing fully adjustable, user-friendly mounts.
- Avoiding the use of fixed keyboards.
- Placing computer screens so that the top of the screen sits one inch above the dashboard.
A mobile data terminal safety study (PPT, 4 Mb) prepared by the Omaha Police Department Safety Committee examined vehicle computer logistical, ergonomic, and safety/tactical concerns.
In addition to properly configuring equipment for end-users, it is equally important to conduct training that protects the personnel infrastructure of the using organizations. Examples include:
- Identify “safe haven” areas in the community where responders in a stationary mode can work, complete paperwork, etc. Publicize the locations to responders.
- Consider having personnel use timers while stationary and focused on computer work. A timer set to alert every couple of minutes reminds responders to check their environment.
- Coach personnel in how to quickly note critical pieces of information without having to study the computer screen. Use samples of actual output text to clarify where the most critical information appears. (In one state, all text on valid driver’s license reports appears to the left of the screen. Notifications that indicate invalid, suspended, and revoked licenses are indented halfway across the screen. The text shape gives the answer without the need to read.)
The EMR-ISAC suggests emergency organizations review the study with respect to protecting the personnel infrastructure, and certainly before purchasing or upgrading in-vehicle monitors, mounts, and keyboards.
Suspicious Powder Sampling Protocol Published
The Department of Homeland Security (DHS), in concert with the National Institute of Standards and Technology (NIST), is making available to the Emergency Services Sector (ESS) a recently developed methodology standard for collecting, containing, and transporting small samples of unknown powders suspected of being hazardous biological agents. The Emergency Management and Response—Information Sharing and Analysis Center (EMR-ISAC) acknowledges that improper collection, packaging, and transport of unknown agents can potentially contaminate and degrade the personnel and equipment components of an organization’s internal infrastructure.
The EMR-ISAC learned that American Society for Testing and Materials (ASTM) E 2458, Standard Practices for Bulk Sample Collection and Swab Sample Collection of Visible Powders Suspected of Being Biological Agents from Nonporous Surfaces, was developed for DHS by a multi-agency team, including federal, state, and local organizations. DHS secured a special unlimited license to allow free downloading of the standard.
The standard details a tested protocol to be used when responders are confronted with an unknown powdered substance that, after an initial assessment for explosive, radiological or chemical hazards, they suspect is a biological threat. The protocol is designed to minimize exposure risks to responders and citizens, while ensuring that unadulterated samples are collected for later biochemical and forensic analysis by public health and law enforcement organizations.
ASTM E 2458, the first nationally validated standard of its kind, involves a two-stage process. The first stage covers the bulk collection and packaging of a suspicious powder from a solid, non-porous surface. Second, swab samples of residual powder from the surface are collected for immediate on-site tests and biological screening. (Bulk sample collection is done first to minimize the dispersion of the powder.)
The standard can be viewed and downloaded at www.astm.org/COMMIT/E54.htm. At this page, find the Committee-Sponsored Products in the lower right corner. Click on “download ASTM E 2458 for free here.” At the ordering page, enter location and state, and click on “go to shopping cart.” This opens up the ASTM Store Check Out page. Notice that the cost is free! Follow remaining directions to begin check out. Contact Michael Baum, michael.baum@nist.gov, 301-975-2763 for assistance if desired.