United States Fire Administration Critical Infrastructure Protection
Please note: This INFOGRAM will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical information systems. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or e-mail at firstname.lastname@example.org.
Critical Infrastructures Degraded
The horrifying terrorist attacks of earlier this week have caused great grief, anger, and frustration. As our nation assesses the magnitude of death and destruction, it is clear that critical infrastructures were degraded, most particularly those of the New York City Fire Department (FDNY). Critical infrastructures are "show-stoppers." They are those crucial assets that will seriously degrade or prevent fire suppression operations and rescue missions if not intact and operational. Simply stated, they are the people, things, or systems that must be protected. Tuesday (11 September) saw the largest loss of firefighters in a single incident in all of world history. FDNY additionally reports that scores of fire trucks and emergency service vehicles were destroyed in the collapse of both World Trade Center (WTC) towers. The true extent of their tragic losses will not be known for some time. It is certain that FDNY survivors are shaken, but steadfast. They will continue to serve their city to the best of their ability. However, that ability has been tremendously degraded given the unprecedented losses of personnel and equipment.
Communications Infrastructure Crippled
Within three hours on the morning of 11 September, the concentrated terrorist attack crippled telephone and Internet traffic on the East Coast with the destruction of key telecommunications equipment of several carriers located atop and within the WTC towers. Cell phone and land line circuits became immediately overloaded. Web sites and Web cams associated with the WTC were quickly inaccessible. Verizon, one of the many telecom carriers affected by the attack, said two destroyed facilities usually handled calls to and from New York City (NYC). Verizon said at least ten more wireless network cell sites lost service when their connection facilities in the skyscrapers were obliterated. AT&T also had telecom equipment housed in one of the WTC buildings. Both AT&T and Sprint reported massive congestion on land and wireless networks into NYC. This harsh reality explains why cell phone calls from those trapped inside the collapsed buildings were not received until after midnight. Telecom traffic from Europe soared to sixty times higher than normal, particularly around NYC and Washington, D.C. Phone lines were extremely busy much of Tuesday, and many callers experienced the "fast busy" (signal received before the full number is dialed) and had to redial. This major disruption of the communications infrastructure largely disappeared by Wednesday. Nevertheless, it serves as another reminder of the benefits of redundancy in telecom systems and the prudence of having measures to protect this redundancy as an insurance policy.
A spokesperson for the FBI’s National Infrastructure Protection Center (NIPC) said that Tuesday’s horrendous surprise assault on America confirms what some security experts have continuously maintained: "that the threat of cyberterrorism is far outweighed by the threat posed to the U.S. homeland by traditional, more violent forms of terrorism." In a report published only a year ago, the National Commission on Terrorism expressed that the tactics and goals of the world’s terrorist organizations remain low-tech. "A growing percentage of terrorist attacks are designed to kill as many people as possible," the report stated. "Guns and conventional explosives have so far remained the weapons of choice for most terrorists." These latest attacks support their conclusion that terrorist groups have yet to demonstrate they value the relatively bloodless outcome of a cyberattack on the nation’s critical infrastructures. Rather than shift to cyberattacks, terrorists are opting more for "scale" and "smarter targeting." As this appears to be the case, where current emergency management plans do not exist, the emergency first response community must lead their municipalities in developing a quality plan for managing large-scale emergencies. The Critical Infrastructure Protection Information Center (USFACIPIC) advises that planning include proactive measures to protect the community’s critical infrastructures. The USFACIPIC also recommends that the plan(s) be rehearsed or exercised when completed. Terrorism preparedness materials are available (free of charge) from the United States Fire Administration’s Publication Center (800-561-3356 or 301-447-1189).
Terrorist Threat Advisory
As a result of the 11 September attacks, the FBI issued a terrorist threat advisory effective through 11 October 2001, at which time the advisory will expire unless extended. The FBI has no information of any specific threats directed against additional targets or critical infrastructures in the United States. However, all infrastructure owners and operators should be at a heightened state of alert and should implement appropriate physical and cyber security measures. The FBI has activated its Strategic Information and Operations Center (SIOC) at FBI headquarters in Washington, D.C. Additional information regarding these events will be disseminated as appropriate through the National Threat Warning System. Should anyone receive or develop any information pertaining to this matter they should contact their local FBI office immediately. Additionally, a 24-hour hotline has been established to receive information relevant to the WTC and Pentagon incidents. Those with information regarding these or other terrorist acts should report them immediately to the hotline at 1-866-483-5137.
Matrix.Net, which analyzes Net traffic at thousands of critical Internet nodes, said that damage to the Internet’s infrastructure following the collapse of the WTC towers rapidly caused a drop in Internet connectivity and the inaccessibility of many major websites. But the company said data shows the nation’s main Internet infrastructure (nodes and backbones) quickly returned to near normal. The outages that occurred were generally because servers could not handle the increased traffic. Regardless of the limited effects on this infrastructure, a computer security analyst said "increasing cybersecurity is a must with actions like this." John Pescatore, a National Security Agency analyst with Gartner Inc., said: "Pulling the plug from the Internet would be prudent, especially if agencies do not have cyberattack response measures in place."
USFACIPIC Weekly Lexicon: Intranet (adapted from the Critical Infrastructure Glossary of Terms by the Critical Infrastructure Assurance Office)
A private network for communications and sharing of information that, like the Internet, is based on the use of common communications protocols, but is accessible only to authorized users within an organization. It is always protected from external access by a firewall.
The National Infrastructure Protection Center (NIPC) has been designated as the central point of notification for information system disruptions and intrusions. Members of the emergency response community are requested to report any incidents involving their systems. There are three ways to report these attacks:
1) NIPC - Voice: 202-323-3205, Fax: 202-323-2079, Web: http://www.dhs.gov/files/programs/editorial_0827.shtm
2) Your local FBI office - Web: http://www.fbi.gov/contact/fo/fo.htm
3) U.S. Fire Administration - Voice: 301-447-1325, E-Mail: email@example.com, Fax: 301-447-1034, Mail: 16825 S. Seton Avenue, Emmitsburg, MD 21727