INFOGRAM November 21, 2002

NOTE: This INFOGRAM will be distributed weekly to provide members of the
emergency services sector with news and information concerning the
protection of their critical infrastructures. For further information
please contact the U.S. Fire Administration's Critical Infrastructure
Protection Information Center at (301) 447-1325 or e-mail at

8 Major Tenets of CIP

With each passing day, there seems to be increasing attention given to
the protection of critical infrastructures by federal, state, and local
officials, including those of the emergency first response services. The
CIPIC is a witness to this progression given the constantly growing
number of daily phone calls and electronic messages. Therefore, for the
benefit of those who may be new to the discipline of critical
infrastructure protection (CIP), the eight majors tenets of CIP are
presented as follows: 

Terrorist attacks, natural disasters, and HazMat accidents can weaken an
organization's performance or prevent its operations. 

Among all the processes and procedures involved in emergency
preparedness, CIP is possibly the most important component. 

CIP protects the people, physical entities, and cyber systems that are
indispensably necessary for survivability, continuity of operations, and
mission success. 

It is not just about security; CIP is mainly about operational
effectiveness and "response-ability." 

CIP involves the application of a five-step systematic, analytical

Identify critical infrastructures 

Determine the threats 

Analyze vulnerabilities 

Assess risks 

Apply countermeasures 

There will never be enough resources to achieve total emergency
preparedness including infrastructure protection. 

CIP requires that senior leaders make tough decisions about what assets
really need protection by the application of scarce resources. 

There should be no tolerance for waste and misguided spending in the
business of emergency preparedness and CIP. 

Aggressive Behavior

The added anxieties or tensions brought upon emergency first responders
in the past fourteen months raise the possibility for aggressive
behavior by firefighters and emergency medical personnel. Sporadic
incidents provide some indication that concerns about preparedness for
terrorist attacks involving weapons of mass destruction, personal
safety, family security, etc., have created more than normal amounts of
negative stress for first responders. It is human nature that this
stress will occasionally manifest itself in aggressive behavior. The
CIPIC recommends that emergency service department leaders consider the
potential for this stress to be disruptive and, additionally, degrade
the protection of the organization's critical infrastructures. 

Much has been written about defusing aggressive behavior. Since violent
action can have multiple adverse effects, psychologists agree that it
must be addressed within any organization. For those chief officers who
may be confronted with such workplace behavior, the following fifteen
fundamentals are listed as a reminder for future use with a probable or
confirmed aggressive employee: 

Promote an atmosphere of cooperation and concern. 

Remain calm and avoid the display of anger or anxiety. 

Be open, straightforward, and honest in any discussion. 

Speak in a private location away from any distractions. 

Squarely face the person and maintain eye contact. 

Invite the person to discuss his/her concerns, frustrations, etc. 

Ask reflective questions that solicit detailed answers. 

Practice active listening for all the verbals and non-verbals. 

Try your best to understand the person's thoughts and feelings. 

Accept that an individual's perceptions are his/her reality. 

Encourage the aggrieved person to suggest a solution. 

Be prepared to make justifiable concessions. 

Assure you will act on any injustices experience by the individual. 

Uphold and protect the dignity of the person. 

Enable the individual to win something as well as the department. 

Dealing with the Warning Overdose

Among all the challenges that chief officers contend with on a daily
basis, another concern could become problematic if it has not already
done so: dealing with the overdose of threat advisories and warnings. If
they have not already appeared, the potential still exists that leaders
and personnel of the emergency services will experience the symptoms of
"alert fatigue." This malaise, cynicism, or despair, according to
terrorism analysts in the United States and United Kingdom, may be
triggered by the many threat advisories and warnings that are issued
without an incident or a confirmed attempt at one. These specialists
expressed fear that people-including the first line soldiers of homeland
security-will stop paying attention, which is exactly what the
terrorists want. 

Recognizing the patient tactics of committed terrorists, the CIPIC also
encourages all firefighters and emergency medical personnel to support
each other while maintaining an uninterrupted, elevated state of
awareness for suspicious or unusual activities. But for all personnel to
effectively remain alert will necessitate that chief officers and their
staff comprehend the physiological and psychological effects of "alert
fatigue" among other ill effects of stress. This understanding is
essential to taking care of subordinates. After all, protecting this
exceedingly invaluable critical infrastructure-personnel-is a
fundamental leadership premise of the fire-rescue service.

Cyberattacks Imminent?

The CIPIC recommends that all emergency response departments review
their protective measures for organizational cyber systems, especially
if those systems in anyway connect to the Internet. This recommendation
is made because security experts and two former CIA officials recently
said that "warnings of cyberattacks by al Qaeda against western
infrastructures should not be taken lightly."

The former CIA chief of counterterrorism explained that a number of
extremists, some of them close to al Qaeda, have developed expertise in
computer science. "And some are well schooled in how to carry out
cyberattacks," according to materials retrieved from al Qaeda camps in

Additionally, in an exclusive interview with Computerworld early this
week, Sheikh Omar Bakri Muhammad, a London-based fundamentalist Islamic
cleric with known ties to Osama bin Laden, said al Qaeda and other
extremist Muslim groups around the world are actively planning to use
the Internet as a weapon in their "defensive" jihad against the United

The National Infrastructure Protection Center (NIPC) has been designated
as the central point of notification for infrastructure disruptions and
intrusions. Members of the emergency response community are requested to
report any incidents involving their systems. There are three ways to
report these attacks:

NIPC - Voice: 202-323-3205, Fax: 202-323-2079, E-Mail:

Your local FBI office - Web:

U. S. Fire Administration - Voice: 301-447-1325, E-Mail:
[EMAIL PROTECTED], Fax: 301-447-1034, Mail: Room J-247, 16825 S. Seton
Avenue, Emmitsburg, MD 21727

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site

Reply via email to