Infogram

March 25, 2004

NOTE: This INFOGRAM will be distributed weekly to provide members of the emergency management and response sector with information concerning the protection of their critical infrastructures. It has been prepared by NATEK Incorporated for the Emergency Preparedness and Response Directorate. For further information, contact the Emergency Management and Response - Information Sharing and Analysis Center (EMR-ISAC) at (301) 447-1325 or by e-mail at emr-isac@dhs.gov.

Social Engineering: A Threat

Federal government sources indicate that domestic and transnational opponents employ social engineering to collect information regarding critical infrastructure vulnerabilities. U.S. intelligence experts believe these adversaries successfully capitalize on the "American spirit" to voluntarily help individuals in need. This aspect of our human nature is particularly dominant among Emergency Management and Response (EMR) personnel throughout the nation.

Generally, social engineering is the art of persuading people to say or do what you want. As it applies to information gathering, it is a "sociable technique" to acquire answers to questions from normally unwilling people. Specifically, the practice involves building trust and rapport between the intelligence collector and the target person. Too often it takes less than a few minutes for the deceitful perpetrator to engage in pleasant conversation yielding the desired data.

The Department of Homeland Security has recognized and accepted the EMR Sector as a national critical infrastructure, and a possible primary or secondary target of terrorism. Additionally, the EMR-ISAC has reminded EMR departments and agencies that they have their own internal critical infrastructures (i.e., personnel, physical assets, and communication systems), which must be constantly intact and operational to ensure response-ability. However, very frequently internal critical infrastructures have vulnerabilities that can be exploited if discovered by criminal activists or terrorists.

Many emergency first response departments have been and will be threatened with social engineering through personal contact, telephone, or electronic mail. The EMR Sector will continue to be solicited for sensitive information about existing vulnerabilities, emergency plans, response operations, etc. Therefore, the EMR-ISAC cautions all first response organizations to be alert for those who will use social engineering to acquire vital information. Ensure the rank and file are aware of this threat and avoid being victimized by it.

CIP: Indispensable Component of Emergency Management

Most would agree that the role of local emergency management agencies is to develop and maintain plans and programs for the mitigation, preparedness, response, and recovery from all hazards. Each local government has the legal mandate to guarantee that these plans and programs are effectively supported by the essential capabilities to perform emergency operations regardless of the crisis.

As the focal point for emergency planning and coordination, the emergency management agency develops hazard mitigation programs and activities in conjunction with other departments (e.g., fire, police, EMS, medical, public works, etc.) to reduce the vulnerability of critical infrastructures to any calamity. To perform this crucial task, the emergency manager or coordinator must accept critical infrastructure protection (CIP) as an indispensable component of emergency management.

With hazard mitigation being the top line and mission assurance being the bottom line of CIP, it is urgent that community leaders consider the CIP process during the mitigation phase of emergency planning. At minimum, the CIP process offers the following advantages:

The application of the CIP process can prevent the degradation of, or otherwise mitigate the loss of, local critical infrastructures resulting from a deliberate attack, accidental incident, or natural disaster. Therefore, the EMR-ISAC recommends that CIP always be a significant ingredient of emergency management. More information about the CIP process can be obtained by contacting the EMR-ISAC at (301) 447-1325 or at emr-isac@dhs.gov.

Mutual Aid Agreements Support CIP

In the National Strategy on Homeland Security, the Department of Homeland Security (DHS) placed renewed attention on mutual aid agreements. To promote this focus, DHS officials state that more mutual aid systems are needed between and among local jurisdictions. Additionally, the National Incident Management System (NIMS), released earlier this month, emphasizes mutual aid as "an indispensable tool for the swift and coordinated response to disasters of all kinds."

According to the National Emergency Management Agency (NEMA), "many local jurisdictions have agreements in place, but they vary widely across the country and frequently are not formal agreements." NEMA has written that several existing agreements "do not address key issues such as liability and compensation, and they fail to encompass multi-disciplines." Considering their benefits for CIP, the EMR-ISAC suggests that moving assets effectively between and among communities will require professional agreement documents that are legal, comprehensive, and include liability and compensation matters.

As part of a grant awarded to NEMA by the Federal Emergency Management Agency (FEMA), NEMA agreed to develop model intrastate mutual aid legislation along with several other related tasks. After a year of work, NEMA finalized a model for voluntary adoption by jurisdictions. The model is meant to be a tool and resource for communities to utilize in developing or refining mutual aid agreements. Local jurisdictions can modify the model to conform to their own laws, authorities, and critical infrastructures.

Formalized mutual aid systems will help ensure that American urban, suburban, and rural areas benefit from each other's CIP efforts while simultaneously improving their response capabilities. The National Model Intrastate Mutual Aid Legislation can be seen and downloaded at the following link: http://www.emacweb.org.

Carbon Monoxide Incidents Guide

FEMA and the U.S. Consumer Product Safety Commission developed guidelines for fire and other emergency response personnel when responding to residential carbon monoxide incidents. The guidelines consist of procedures that emergency responders can use to assist residents who call and report a suspected carbon monoxide incident. The procedures are designed to help responders provide for their own safety when answering a call, analyze the level of care needed by the residents, make a preliminary assessment of the carbon monoxide condition of the residence, and determine when it is safe for occupants to re-enter the building.

The procedures can aid in finding a significant source of carbon monoxide in a home. However, the guide will recommend when other professionals with technical expertise should be contacted to find the cause of hard-to-trace elevated carbon monoxide levels in the residence.

These guidelines are not mandatory requirements. They provide only the basic information necessary for an emergency response to consumers. State and local fire departments can choose to adopt all or part of the material to meet their own needs and resources. The guidelines begin at page 7 of the following link: http://www.cpsc.gov/library/foia/foia04/os/resident.pdf.

FAIR USE NOTICE

This INFOGRAM may contain copyrighted material that was not specifically authorized by the copyright owner. EMR-ISAC personnel believe this constitutes "fair use" of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond "fair use," you must obtain permission from the copyright owner.

Reporting Notice

DHS and the FBI encourage recipients of this document to report information concerning suspicious or criminal activity to DHS and/or the FBI. The DHS National Operation Center (NOC) can be reached by telephone at 202-282-9685 or by e-mail at NOC.Fusion@dhs.gov.

The FBI regional phone numbers can be found online at www.fbi.gov/contact/fo/fo.htm

For information affecting the private sector and critical infrastructure, contact the National Infrastructure Coordinating Center (NICC), a sub-element of the NOC. The NICC can be reached by telephone at 202-282-9201 or by e-mail at NICC@dhs.gov.

When available, each report submitted should include the date, time, location, type of activity, number of people and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.
