http://www.usfa.fema.gov/dhtml/fire-service/ignov2102.cfm
CRITICAL INFRASTRUCTURE PROTECTION CENTER INFOGRAM November 21, 2002 NOTE: This INFOGRAM will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical infrastructures. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or e-mail at [EMAIL PROTECTED] 8 Major Tenets of CIP With each passing day, there seems to be increasing attention given to the protection of critical infrastructures by federal, state, and local officials, including those of the emergency first response services. The CIPIC is a witness to this progression given the constantly growing number of daily phone calls and electronic messages. Therefore, for the benefit of those who may be new to the discipline of critical infrastructure protection (CIP), the eight majors tenets of CIP are presented as follows: Terrorist attacks, natural disasters, and HazMat accidents can weaken an organization's performance or prevent its operations. Among all the processes and procedures involved in emergency preparedness, CIP is possibly the most important component. CIP protects the people, physical entities, and cyber systems that are indispensably necessary for survivability, continuity of operations, and mission success. It is not just about security; CIP is mainly about operational effectiveness and "response-ability." CIP involves the application of a five-step systematic, analytical process: Identify critical infrastructures Determine the threats Analyze vulnerabilities Assess risks Apply countermeasures There will never be enough resources to achieve total emergency preparedness including infrastructure protection. CIP requires that senior leaders make tough decisions about what assets really need protection by the application of scarce resources. There should be no tolerance for waste and misguided spending in the business of emergency preparedness and CIP. Aggressive Behavior The added anxieties or tensions brought upon emergency first responders in the past fourteen months raise the possibility for aggressive behavior by firefighters and emergency medical personnel. Sporadic incidents provide some indication that concerns about preparedness for terrorist attacks involving weapons of mass destruction, personal safety, family security, etc., have created more than normal amounts of negative stress for first responders. It is human nature that this stress will occasionally manifest itself in aggressive behavior. The CIPIC recommends that emergency service department leaders consider the potential for this stress to be disruptive and, additionally, degrade the protection of the organization's critical infrastructures. Much has been written about defusing aggressive behavior. Since violent action can have multiple adverse effects, psychologists agree that it must be addressed within any organization. For those chief officers who may be confronted with such workplace behavior, the following fifteen fundamentals are listed as a reminder for future use with a probable or confirmed aggressive employee: Promote an atmosphere of cooperation and concern. Remain calm and avoid the display of anger or anxiety. Be open, straightforward, and honest in any discussion. Speak in a private location away from any distractions. Squarely face the person and maintain eye contact. Invite the person to discuss his/her concerns, frustrations, etc. Ask reflective questions that solicit detailed answers. Practice active listening for all the verbals and non-verbals. Try your best to understand the person's thoughts and feelings. Accept that an individual's perceptions are his/her reality. Encourage the aggrieved person to suggest a solution. Be prepared to make justifiable concessions. Assure you will act on any injustices experience by the individual. Uphold and protect the dignity of the person. Enable the individual to win something as well as the department. Dealing with the Warning Overdose Among all the challenges that chief officers contend with on a daily basis, another concern could become problematic if it has not already done so: dealing with the overdose of threat advisories and warnings. If they have not already appeared, the potential still exists that leaders and personnel of the emergency services will experience the symptoms of "alert fatigue." This malaise, cynicism, or despair, according to terrorism analysts in the United States and United Kingdom, may be triggered by the many threat advisories and warnings that are issued without an incident or a confirmed attempt at one. These specialists expressed fear that people-including the first line soldiers of homeland security-will stop paying attention, which is exactly what the terrorists want. Recognizing the patient tactics of committed terrorists, the CIPIC also encourages all firefighters and emergency medical personnel to support each other while maintaining an uninterrupted, elevated state of awareness for suspicious or unusual activities. But for all personnel to effectively remain alert will necessitate that chief officers and their staff comprehend the physiological and psychological effects of "alert fatigue" among other ill effects of stress. This understanding is essential to taking care of subordinates. After all, protecting this exceedingly invaluable critical infrastructure-personnel-is a fundamental leadership premise of the fire-rescue service. Cyberattacks Imminent? The CIPIC recommends that all emergency response departments review their protective measures for organizational cyber systems, especially if those systems in anyway connect to the Internet. This recommendation is made because security experts and two former CIA officials recently said that "warnings of cyberattacks by al Qaeda against western infrastructures should not be taken lightly." The former CIA chief of counterterrorism explained that a number of extremists, some of them close to al Qaeda, have developed expertise in computer science. "And some are well schooled in how to carry out cyberattacks," according to materials retrieved from al Qaeda camps in Afghanistan. Additionally, in an exclusive interview with Computerworld early this week, Sheikh Omar Bakri Muhammad, a London-based fundamentalist Islamic cleric with known ties to Osama bin Laden, said al Qaeda and other extremist Muslim groups around the world are actively planning to use the Internet as a weapon in their "defensive" jihad against the United States. The National Infrastructure Protection Center (NIPC) has been designated as the central point of notification for infrastructure disruptions and intrusions. Members of the emergency response community are requested to report any incidents involving their systems. There are three ways to report these attacks: NIPC - Voice: 202-323-3205, Fax: 202-323-2079, E-Mail: [EMAIL PROTECTED] Your local FBI office - Web: http://www.fbi.gov/contact/fo/fo.htm U. S. Fire Administration - Voice: 301-447-1325, E-Mail: [EMAIL PROTECTED], Fax: 301-447-1034, Mail: Room J-247, 16825 S. Seton Avenue, Emmitsburg, MD 21727 IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk