InfoGram 30-07: August 2, 2007
This InfoGram will be distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. For further information, contact the Emergency Management and Response - Information Sharing and Analysis Center (EMR-ISAC) at (301) 447-1325 or by email at emr-isac@fema.dhs.gov.
Social Engineering and Suspicious Calls
In its ongoing research into the threats to and vulnerabilities of Emergency Services Sector (ESS) critical infrastructures, the Emergency Management and Response-Information Sharing and Analysis Center (EMR-ISAC) has noticed the increasing frequency of social engineering by telephone. According to the American Heritage Dictionary, social engineering is a broad term referring to the practical application of sociological principles to particular social problems.
From a criminal perspective, an attacker uses human interaction (e.g., social skills) to fraudulently obtain or compromise information about an organization (i.e., its personnel, physical assets, or communication/cyber systems). For example, an attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher, and even offering credentials to support that identity. But by asking questions, he or she may be able to piece together enough information to infiltrate an organization's infrastructure. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the words from the first source to add to his or her credibility.
Suspicious social engineering calls usually involve a knowledgeable individual phoning the target organization and ingratiating himself with an employee of the department or agency. During casual and seemingly innocent conversation, the caller will attempt to extract sensitive information from the employee. Typically, many unsuspecting victims will want to be helpful and provide the requested information unless it is clearly too sensitive to share with an outsider. However, based on the caller's apparent knowledge of the emergency department or agency, employees are often deceived into divulging information that they might not otherwise give to a stranger.
To eliminate potential exploitation through suspicious wireline and wireless phone calls, the EMR-ISAC recommends that ESS personnel be thoroughly trained to understand what organizational information is sensitive and, therefore, must be protected from adversary collection techniques such as social engineering. ESS departments and agencies should train to practice information security (INFOSEC) to protect their critical infrastructures.
Wildland Fire Operations
Early this week, a trio of fast-moving wildfires in western Montana threatened nearly 200 homes. Montana and Idaho each have more than a dozen fires, far more than any other state, according to the National Interagency Fire Center. California, Oregon, Washington, Wyoming, North Dakota, and Michigan are also currently combating major wildland fires. Many of these blazes have either destroyed or now threaten local critical infrastructures.
Over the past several weeks of wildland fire operations, there have been several accidents and near misses in various parts of the country involving the critical infrastructures of the Emergency Services Sector (ESS), specifically personnel and equipment. Considering the fact that 2007 is already proving to be a challenging fire season, the Emergency Management and Response-Information Sharing and Analysis Center (EMR-ISAC) agrees with the appropriateness of focusing on greater situational awareness and effective risk management to protect ESS critical infrastructures.
The U.S. Fire Administration (USFA) recommends managers at all organizational levels engage firefighters and subordinate line officers on the subject of risk management. To learn more about the USFA recommendation, see the Wildland Fire Operations Risk Management Information Paper from USFA's section on wildfires.
Grants Fund Hiring, Recruiting, and Retention
The Federal Emergency Management Agency (FEMA) announced this week the availability of approximately $110 million in grant money for Fiscal Year 2007, under the Staffing for Adequate Fire and Emergency Response (SAFER) Program.
FEMA Administrator David Paulison explained that SAFER resources help fire departments to hire, recruit, and retain firefighters to ensure their communities are fully protected. He clarified that the additional personnel also increase the capabilities of the fire service to respond to acts of terrorism and natural disasters.
The Emergency Management and Response-Information Sharing and Analysis Center (EMR-ISAC) understands that SAFER grants enable emergency organizations to fortify the personnel component of their critical infrastructure. Specifically, these grants allow for the funding of two separate activities: hiring firefighters, and recruiting and retaining firefighters.
Career, volunteer, and combination career/volunteer fire departments are eligible to receive funding under the Hiring of Firefighters Activity. Combination fire departments and volunteer fire departments are eligible to receive funding under the Recruitment and Retention of Firefighters Activity. Local or statewide organizations that represent the interests of volunteer firefighters are also suitable for recruitment and retention funding.
Fire departments operating within the 50 United States, District of Columbia, Guam, Puerto Rico, Virgin Islands, American Samoa, or the Commonwealth of the Northern Mariana Islands are entitled to apply. A "fire department" is defined as an agency or organization that has a formally recognized arrangement with a State, local, or tribal authority (i.e., city, county, parish, fire district, township, town, or other governing body) to provide direct fire suppression services on a first-due basis to a population within a fixed geographical area.
SAFER grant funds in the Hiring of Firefighters Activity may be used only to pay firefighter salaries and fringe benefits, but not for operational needs such as training or equipping the new firefighters. Grant applications must be received no later than 5:00 p.m. EDT on 31 August 2007. Program guidance, an applicant tutorial, and general information about SAFER grants are available at http://www.fema.gov/firegrants/safer. The help desk can be reached by calling 1-866-274-0960.
Responder Rehabilitation Guidance
Emergency responder experiences substantiate the possibility of diminished individual performance and potential for degraded organizational effectiveness caused by intense summer heat. Accepting this fact, the Emergency Management and Response-Information Sharing and Analysis Center (EMR-ISAC) acknowledges that incident scene emergency responder rehabilitation (rehab) is imperative, but never more so than during periods of hot weather.
To mitigate the adverse effects of hyperthermia and heat illnesses, the EMR-ISAC recommends the guidance offered by FireRehab.com and FirefighterCloseCalls.com to protect Emergency Services Sector (ESS) personnel. For example, develop a Rehabilitation Standard Operating Procedure (SOP) to ensure Rest (a time-out to help responders stabilize vital signs), Rehydration (replacing lost fluids/plasma volume), Restoration (of core body temperature), Rx (medical monitoring and treatment), and Refueling (calories and electrolytes). A sample SOP is included in the Rehabilitation: Standards, Traps and Tools download (PDF, 3.4 Mb).
ESS departments and agencies are likewise encouraged to obtain proper resources and comply with the practices seen here:
- Shelter (e.g., tents, umbrellas, nearby available structures) and seating (e.g., rehab cooling chairs).
- Fluids (sport drinks, water) and calories (e.g., "power bars").
- Equipment rehabilitation (e.g., breathing apparatus refill).
- Health evaluation tools (e.g., pulse rate, oxygen saturation, carbon monoxide (CO) oximetry, ear thermometers), and sanitary wipes and cleansing agents for hygiene and decontamination.
- A vehicle dedicated to transport rehab necessities, thereby minimizing setup time and number of personnel needed.
- A safe, non-toxic environment at the rehab location. Isolate personnel from the exhaust of idling vehicles and cigarette smoke.
- Personnel training to recognize heat/cold exhaustion, stress symptoms and their risks, and encourage physical conditioning to minimize the effects of emergency operations.
- Core body temperature monitoring. Make core temperature cooling a standardized rehab practice.
- Work-to-rest ratios found in any of the three links within this article should be enforced.
A ready-to-use rehabilitation guideline training aid (29-slide PowerPoint presentation, 4.9 Mb) is available for download.
Also available for viewing is the Federal Emergency Management Agency/U.S. Fire Administration document, Emergency Incident Rehabilitation (PDF, 95 Kb).