InfoGram 10-10: March 11, 2010

This InfoGram will be distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. For further information, contact the Emergency Management and Response - Information Sharing and Analysis Center (EMR-ISAC) at (301) 447-1325 or by email at emr-isac@fema.dhs.gov.

Receive InfoGrams and Bulletins by Email

Tornado Season

Weather forecasters at the Storm Prediction Center (SPC) of the National Weather Service (NWS) predicted that the United States will experience an active tornado season this year. SPC meteorologists believe: “More tornadoes and other damaging storms may strike the Midwest this spring because cooler temperatures are on course to clash with warmer air pushed into the central U.S. by El Nino.”

“Tornadoes are nature’s most violent storms,” according to the Federal Emergency Management Agency’s (FEMA) Website. “Spawned from powerful thunderstorms, tornadoes can cause fatalities and devastate a neighborhood in seconds. A tornado appears as a rotating, funnel-shaped cloud that extends from a thunderstorm to the ground with whirling winds that can reach 300 miles per hour. Damage paths can be in excess of one mile wide and 50 miles long.” Although more frequently occurring in “Tornado Alley” of the Midwest (i.e., CO, KS, NE, SD, OK, and TX), every state is at some risk from this hazard.

Recognizing that tornadoes are a threat to the critical infrastructures of Emergency Services Sector (ESS) departments and agencies, in addition to citizens and their property, the Emergency Management and Response—Information Sharing and Analysis Center (EMR-ISAC) ascertained from the NWS that 800 tornadoes are reported nationwide each year. These weather events usually result in approximately 80 deaths and over 1,500 injuries annually. “Last year, 1,156 tornadoes occurred throughout the country and 21 people were killed.”

To assist ESS organizations with the consideration of protective and resilience measures for tornado incidents, the EMR-ISAC excerpted the following FEMA facts about this weather phenomenon:

• May strike quickly with little or no warning.
• Can appear nearly transparent until a funnel-shaped cloud forms.
• Generally move Southwest to Northeast, but can travel in any direction.
• Average forward speed is 30 MPH, but can reach up to 70 MPH.
• Could accompany tropical storms and hurricanes as they move onto land.
• More frequently happen east of the Rocky Mountains during spring and summer months.
• March through May is peak season in southern states; May through July in the northern states.
• Most likely occur between 3 p.m. and 9 p.m., but can happen at any time.

More information about tornadoes can be found at “The Online Tornado FAQ,” which is a Website of the National Oceanic and Atmospheric Administration (NOAA).

Mitigation Best Practices

For several years, the Emergency Management and Response—Information Sharing and Analysis Center (EMR-ISAC) examined reports about mitigation actions taken throughout the United States to save lives, lower property damage, and decrease money spent on disaster recovery efforts. According to these reports, the actions to minimize damages have been effective in life safety and reduced personal, structural, and economic costs. In time, many of those activities became “mitigation best practices.”

When researching for a compilation of the “mitigation best practices,” the EMR-ISAC found the Federal Emergency Management Agency (FEMA) document “Developing and Promoting Mitigation Best Practices and Case Studies.” (PDF, 14 Mb) This publication was designed to facilitate the sharing of effective mitigation strategies and practices, to increase public awareness, and to compel community leaders (including those of the emergency services) and citizens to take action. “Its purpose is to increase public understanding of the value and use of mitigation measures as a sound investment for individuals, businesses, and communities nationwide.”

Furthermore, the document seeks to use “Mitigation Best Practices and Case Studies” as a means to communicate mitigation ideas, expertise, and resources that can be utilized on an individual, business or community level to diminish the impact of disasters, and show that mitigation is both effective and affordable.

Additional information on this subject can be seen at the FEMA Mitigation Best Practices Portfolio and the FEMA Mitigation Planning Guide (PDF, 3 Mb).

Spear Phishing Attacks

Frequently, the Emergency Management and Response—Information Sharing and Analysis Center (EMR-ISAC) obtains information regarding Emergency Services Sector (ESS) personnel who receive emails claiming to be from their bank, a relative, or some other trusted source. However, many of these messages come with links or attachments that contain viruses or other programs designed to steal personal or organizational sensitive information.

The EMR-ISAC learned that “spear phishing” attacks go beyond standard phishing schemes. Instead of mass distributed emails with generic subject lines like “Overdrawn Bank Account,” they target specific individuals with messages designed to obtain unauthorized access to particular, sensitive data. The message might look like it comes from your employer, or from a colleague who might send an email message to everyone in the department or agency, such as the head of human resources or the person who manages the computer systems, and could include requests for user names or passwords.

The National Cyber Security Division of the Department of Homeland Security advises that all personnel familiarize themselves with the following hallmarks of a “spear phishing” attack:

• Spoofed or Forged Sender Address. This tactic masks the sender’s email address with one that is familiar to the recipient. Watch for the presence of the words “On Behalf Of” in the “From” line.
• Foreign Email or Web Addresses. These messages originate from or are relayed through foreign countries. Watch for domain suffixes such as .an, .cn, .ru, etc.
• Awkward Spelling or Language. Emails from non-English speaking authors frequently have disjointed, misspelled, or grammatically incorrect language.
• Public Presence or Targeted Position. Individuals with public positions or significant roles have occasionally received unsolicited “phishing” messages that seem logical or appropriate.

See the FBI Website for more details on how to avoid becoming a “spear phishing” victim.

Assistance to Firefighters Grant Program Workshop

According to the Federal Emergency Management Agency (FEMA) Website for the Assistance to Firefighters Grant Program (AFG), the primary goal of the AFG is to meet the firefighting and emergency response needs of fire departments and nonaffiliated emergency medical service (EMS) organizations. “The program seeks to support organizations that lack the tools and resources necessary to more effectively protect the health and safety of the public and their emergency response personnel with respect to fire and all other hazards.” For example, the AFG has helped firefighters and other first responders to obtain critically needed equipment, protective gear, emergency vehicles, training, and other resources to protect themselves and their citizens from fire and related dangers.

The Emergency Management and Response—Information Sharing and Analysis Center (EMR-ISAC) acquired a U.S. Fire Administration (USFA) release announcing that an AFG workshop schedule is now available. These free workshops will be held around the country to provide information about the submission of competitive applications under the 2010 Assistance to Firefighters Grant Program. The workshop lasts about two hours.

The USFA invites interested representatives from fire departments as well as nonaffiliated EMS organizations to attend the workshops. Information will be presented on program changes, program priorities, eligibility requirements, and the application process. General assistance in writing a competitive narrative for a department’s grant application will also be provided. Registration is not necessary.

Regional contacts and telephone numbers are available at AFG Website.