1. A p blication of e.Republic
publication e.Repu c
p
January/February 2011
T H E FA C E O F
TERROR DOMESTIC THREATS HAVE FORCED
MESTIC
LAW ENFORCEMENT TO THE ‘HOME GAME’
inside:
Are we underestimating
the cyber-threat?
Issue 1 — Vol. 6
The emergency manager
with multiple hats.
2. Knowledge is Power.
Knowledge Center™ is Fusion.
Use Knowledge Center™ to promote a virtual collaborative environment
to facilitate cooperation and provide instant access to information—anytime, anywhere.
Common Operating Picture (COP)
Interoperability
Fusion Center
Situational Awareness
Incident Management Software Solutions
Fully-functional, out-of-the-box, no training required.
Incident Management System Hospital Incident Management System Fusion System
Incident Command System (ICS) Hospital Incident Command System (HICS) Optimized intelligence sharing
Critical Infrastructure/Key Resources (CI/KR) Hazard Vulnerability Assessment (HVA) Secure, tiered access control
Situation Reporting (SITREP) Patient/Triage tracking Dynamic, configurable reporting
Geographic Information Systems (GIS) Hospital Available Beds (HAvBED) Interoperable with CADs
3. “The Knowledge Center’s ‘common operating
picture’ is something that every response
organization should strive for.”
— Commander Timme, US Coast Guard
“I think this type of information sharing
is an example of how it should be.”
— Lieutenant Zupanc, Ohio Fusion Center
Don’t just report.
Communicate.
Call us: 412.635.3322
www.knowledge-center.com
Incident Management Software Solutions
4. ON THE COVER
Contents 28
The Face
of Terror
The localized face of terrorism
has forced law enforcement
to the ‘home game.’
FEATURES
22
The Looming
Cyber-Threat
Underestimating the cyber-threat to
our nation’s critical infrastructure would
prove perilous.
34
Donning Multiple Hats
Should the role of emergency
manager be a full-time job or can the
duties be shared?
DEPARTMENTS
38
PUBLIC SAFETY AND SECURITY
Demystify the Message
Understanding social science research
on emergency warnings is key to
developing alert and warning plans
that grab the public’s attention.
42
DISASTER RECOVERY
Recovery Doesn’t
Just Happen
Most communities lack disaster recovery
planning experience, but examples of
effective efforts provide lessons learned
and help create best practices.
44
TRAINING AND EDUCATION
‘Prepared not Scared’
A partnership between the Girl Scouts of
the USA and federal agencies seeks to help
establish a culture of preparedness.
iSTOCKPHOTO.COM
4
8. Reader Feedback
personnel and other emergency respond-
per attack does happen, those will be a hot commodity,
ers involved in distributing countermea- and I wouldn’t put it past opportunistic criminals to
sures should be offered the anthrax vaccine
sur see the benefit of acquiring a stockpile of antibiotics.”
beforehand since personal protective equip-
bef — Zach Falb
ment (PPE) is not foolproof. Have the USPS
me
workers volunteering in these distribution
wo Enhancing Rail Security
plans been informed that six out of nine
pla An online comment in response to the November/
HAZMAT experts became infected at the
HA December 2010 article Safeguarding the Rails points
Hart Senate Office Building attack in 2001
Ha out an additional method for augmenting railroad
despite using PPE? Do these USPS person-
de security.
nel understand that the anthrax vaccine is
ne
available and when given before exposure/
av “One group which should not be overlooked is
infection, the vaccine is the best protection against the legion of rail fans across the country; not only
both antibiotic-resistant and antibiotic-sensitive do these people often have detailed knowledge of
Letter Carrier Safety anthrax? I wonder if the USPS volunteers under- rail systems, they’re also frequently indulging in
In response to the cover story, Marshaling the stand the risks involved in participating as couri- their hobby of train watching. As such they’re a
Postal Service, in the November/December 2010 ers of antibiotics without being first immunized. perfect force multiplier for enhancing security.
issue, online readers discussed the possible health and Incidentally about half a million doses of Strate- Some railroads have already created ‘rail fan secu-
safety issues for the letter carriers involved in distrib- gic National Stockpile anthrax vaccine is being rity’ programs, actively recruiting rail fans and giv-
uting medical countermeasures following a biological destroyed each month. All this begs the question: ing them an 800 number to call in the event they
attack involving anthrax on a metropolitan area. Why not proactively vaccinate those responding to see something suspicious, or even something like
an anthrax attack with short-dated vaccine rather a minor equipment defect. Expansion of such pro-
“The plan to use USPS letter carriers to dispense than allowing those doses to go to waste?” grams would be a great, and inexpensive, way to
antibiotics to civilians at risk during a confirmed — Thomas K. Zink, M.D. enhance rail security.”
wide-area anthrax attack assumes the anthrax — Tom S.
strain used in the attack is antibiotic-sensitive. This “What I’m curious about is the safety and secu- Your opinions matter to us. Send letters to the editor at
assumption may be a faulty one since we now know rity of the letter carriers when delivering antibiot- editorial@govtech.com. Please list your telephone number
for confirmation. Publication is solely at the discretion of the
that antibiotic-resistant anthrax exists. And even if ics. What precautions are being planned if someone editors. Emergency Management reserves the right to edit
the anthrax used is sensitive to antibiotics, USPS wants to steal the antibiotics they’re delivering? If an submissions for length.
Emergency Management Events
14-18 February 15-16 February 22-25 February 3 March 7-11 March
RSA CONFERENCE BORDER SECURITY EXPO PUBLIC HEALTH ALL-HAZARDS/ IWCE CONVERGENT
San Francisco Phoenix PREPAREDNESS SUMMIT ALL-STAKEHOLDERS SUMMIT COMMUNICATIONS SYSTEMS
Atlanta Seattle CONFERENCE
Learn about emerging threats in The expo features exhibit hall Las Vegas
information security and how to displays of cutting-edge tech- The summit offers interac- The All-Hazards/All-Stakeholders
safeguard against them. nology, workshops and speaker tive sessions and workshops Summit will address man-made At IWCE, visit more than 330
presentations on critical issues, focused on building, enhancing and natural hazards — fires, exhibitors showcasing the
WWW.RSACONFERENCE.COM
and free certified training for and sustaining our nation’s floods, earthquakes, terror hardware, applications, interop-
law enforcement professionals. ability to plan for, respond to events — facing the Seattle area erability and integration that
and recover from disasters and and address best practices in will make your systems more
20-25 March WWW.BORDERSECURITYEXPO.COM
other public health emergencies. preparing for and mitigating effective and efficient. Attend
these crises. workshops and seminars to
NATIONAL EMERGENCY WWW.PHPREP.ORG learn how to apply this technol-
MANAGEMENT ASSOCIATION CONTACT: LIESE BRUNNER AT 800/940-6039 EXT.
MID-YEAR CONFERENCE ogy at your organization.
1355 FOR REGISTRATION INFORMATION, AND SCOTT
Alexandria, Va. FACKERT AT 916/932-1416 FOR SPONSORSHIP WWW.IWCEEXPO.COM/IWCE2011/PUBLIC/ENTER.ASPX
The conference provides a INFORMATION.
forum to discuss important is- WWW.EMERGENCYMGMT.COM/EVENTS
sues in the fields of emergency
management and homeland
security.
WWW.NEMAWEB.ORG
8
10. Point of View
Reaching Younger Audiences
Creating the “culture of preparedness” that the emergency at that age,” said Patti Thompson, communications manager
management community talks about can only truly be achieved for IEMA. “So it just seemed like the video game route was
by making disaster preparedness second nature to citizens. something new to do, a new direction to go.”
When I think about instilling lessons in people’s lives, that Thompson said the agency was going to work with the Illi-
means starting when they are young and ingraining them with nois State Board of Education to get notices sent to teachers
the necessary skills and knowledge. to make them aware of the game, with the goal of teachers
However, reaching younger audiences can be difficult. implementing it into their curriculum.
Although many children are eager to learn about disasters IEMA seeks to keep children’s interest through an online
— images of snowstorms, tornadoes, etc. can leave a lasting leader board that tracks players’ best times. “They play it
impression — the message on how they can prepare not only through once, and it’s pretty much a learning experience the
themselves but also their families is something that needs to first time through,” Thompson said. “Then they can play it
be reiterated. But finding the best way to repeat that message over and over, and there’s a clock that times how long it takes
in a fun yet informative way can be difficult, and that’s why the them [to complete] each segment.”
message should be taught through means that children enjoy Illinois isn’t the only agency hoping to spread prepared-
and find engaging — like video games. ness messages through video games. The American College of
When I think about instilling lessons in people’s lives, that means starting when they are young
and ingraining them with the necessary skills and knowledge.
In November 2010, the Illinois Emergency Management Emergency Physicians is using a U.S. Department of Home-
Agency (IEMA) released The Day the Earth Shook, a video land Security grant to develop the video game Disaster Hero.
Best Public Safety/Trade
game that uses an earthquake scenario to demonstrate the The project is expected to be completed this year, and will focus
2009 Maggie Award
need for a disaster supply kit as well as to identify safe loca- on what to do before, during and after a disaster. According to
tions in a building during an earthquake. To make it accessible a statement, the game will target multiple audiences, including
to everyone in the state, IEMA posted the game on its Ready children, early teens, parents, caregivers and teachers.
Illinois website, www.ready.illinois.gov. The Day the Earth By packaging the disaster preparedness message in a form
Shook targets middle schoolers, an age group for which the that children already enjoy, IEMA and the American College
agency lacked a preparedness messaging program. of Emergency Physicians are on the right path to starting the
2010 Magazine of the Year
Top 3 Finalist “We knew that we needed to do something that would be culture of preparedness for younger generations. k
Less Than $2 Million Division fun, but they’re too old for coloring books and activity books
Elaine Pittman
Associate Editor
Questions or comments? Please give us your input by contacting our editorial department at editorial@govtech.com,
or visit our website at www.emergencymgmt.com.
10 L E A D , F O L L O W O R G E T O U T O F T H E W AY.
11. Serve. Learn. Lead.
AMU offers respected online degree programs designed for students who want to advance
their career. Our Fire Science and Emergency and Disaster Management programs are among
76 online degree programs for those who wish to serve, learn, and lead as an Emergency or
Fire Services Manager.
FoHE accredited/FESHE compliant.
2009 International Association of Emergency Managers (IAEM) recipient of:
• Academic Recognition Award, Emergency & Disaster Management Program.
• Student Council Chapter of the Year, APUS International Association of Emergency Managers Student Association (IEMSA).
LEARN MORE AT OR CALL
amuonline.com/public-safety 877.777.9081
American Military University is a member institution of the regionally accredited American Public University System
12. In the News
Nearly a decade after the 9/11
terrorist attacks, in December
2010 counterterrorism officials
said they had made it easier to
add individuals’ names to the
terrorist watch list. The second
iteration of the Terrorist Identities
Datamart Environment was
scheduled to be launched in
January — the first version went
live in 2005 — and new criteria
says that a credible, single-
source tip can lead to a name
being added to the watch list.
Approximately 440,000 people
are on the list, which is a 5
percent increase over 2009, The
Washington Post reported.
Although a majority of the names
on the watch list are of non-U.S.
citizens, law enforcement and
intelligence agencies are
ramping up efforts to thwart an
PHOTO COURTESY OF ANDREA BOOHER/FEMA
increasing issue: terrorist threats
from U.S. citizens. The issue is
explored in this month’s cover
story on page 28.
12
13.
14. ADVERTISEMENT
Managed Emergency
Communications Systems
Functional Requirements for Next Generation MNS
Berkly Trumbo, Siemens Industry Inc. considering a holistic approach to mass from their emergency communications
notification. Emergency Management systems is but a fraction of the capability,
Functional Requirements for professionals have been left with a complex the whole truly being greater than the sum
Next Generation MNS array of disparate systems to use when of its parts.
While the latest update to NFPA redefines seconds count the most.
Mass Notification as “Emergency A managed systems approach to emergency
Communications Systems (ECS)”, the end communications systems is becoming a
user community is formulating expectations Communication is the backbone popular topic between IT, Facilities, and
related to the future functionality of today’s of effective emergency management. Public Safety stakeholders. A site audit of
alerting solutions. a campus footprint can reveal a wealth
Being able to reach everyone in a
of network devices that are capable of
Numerous best practices have surfaced
timely matter with the proper delivering an emergency message but
since alerting technology began its rapid, information is the key to making the are not configured to do so. Thinking of a
main stream adoption and the NFPA is right decisions and mitigating variety of end point devices as underutilized
looking to incorporate pressure tested negative outcomes.” assets, one can ask the crucial question
protocols in the new code. The latest “how do I make marginal adjustments that
-Lt. M. Smith Tennyson Commander,
updates refer to “wide-area” and “distributed will yield exponential returns related to
Governmental Security
recipient notification” in addition to St Johns County Sheriff’s Office
functionality?” LCDs, sirens, LEDs, desktop
building notifications. Wide area being the computers, and the ever-present fire panel
geography surrounding a building on a are but a few examples of devices that are
particular campus and distributed recipient Leveraging the Network for Premise only serving in a fraction of their capacity.
notification as “expanded beyond the Based Solutions
facility and the area, to be accomplished A popular model which comprises the The response which serves this
through means such as telephone calls, text foundation of most Mass Notification question best is to use a premise based
messaging, and emails”. Systems currently deployed is a web-based, solution, bundling all end point devices
multi modal offering residing completely under a single managed emergency
So far, colleges, corporations and outside of the IT infrastructure of a business communications architecture effectively
government entities have made significant or campus. This model is based on sound creating a system of systems.
investments in technology platforms and logic considering continuity of operations
end point devices towards a goal of safer, planning but many times, the IT network Consolidating Command and
more secure campus environments but on-campus is one of the institution’s Control Communications
still have not solved all critical messaging greatest IT assets. It is common for CIOs A managed emergency communications
challenges. As an industry, emergency to invest a large percentage of their system can include web based alerting as
communications has vaulted forward from overall budget into the infrastructure and one part of a holistic approach to critical
the days of single tone sirens but new oftentimes buildings are so “wired” that the messaging. To date, volume has been the
gaps in functionality are appearing when degree of functionality end users are getting underlying theme of mass notification
15. ADVERTISEMENT
but we are moving towards a blended requirement of scalable users more options regarding a consolidated approach to critical
functionality to include accuracy and granularity in campus communications and incident management professionals are
communications. Emergency Management professionals have seeking scalable solutions which will make the most of past and
identified the need to have a laser focus after delivering the first future investments.
wave of warnings. Pinpointing a building, floor, or office/classroom
offers a unique value proposition when considering scenarios About Siemens Industry Inc.
wherein conditions affecting the people inside a structure are For more than 110 years, Siemens
changing or are different for one location versus another. Having a has been a leader in building controls innovation, fire solutions,
single user interface which manages all end point devices and allows and security systems. With 400 locations throughout North
direct communications with predefined groups or one particular America, Siemens
modality will prove to be an invaluable feature of future message is positioned to provide customized services and support for our
management. clients’ specialized needs. For more information visit
www.siemens.com/ keyword “Sygnal”.
Conclusion
Experts agree that the right technology mix can act as a force
multiplier in incident management. Well constructed plans and About the Author
highly capable individuals are doubly effective when given the Berkly Trumbo is a Mass Notification Systems (MNS) specialist
correct tools to utilize during an emergency. with responsibility for Florida and the Caribbean related to
emergency communications technologies. Mr. Trumbo can be
Emergency communications systems are evolving towards a reached at berkly.trumbo@siemens.com or 954/ 364-6820.
managed system model as opposed to a collection of disjointed,
boutique applications. Advances in technology are affording end
ass noti ation in a oor i ing
safety net or networking nightmare?
Sygnal™ mass noti cation gives you a complete range
of products for any project.
In critical moments, your customers need to send messages with con dence, and they rely on you to choose the
right spec for their needs. Sygnal mass noti cation is industry-leading technology you can specify for every customer,
whether it’s a single building or a complex campus. Sygnal gives customers the ability to reach people inside, outside
and at their side, for maximum contactability when it matters most. ou get the con dence of recommending the
best they get the con dence that they can reach them all. usa.siemens.com/buildingtechnologies
Answers for infrastructure.
16. EM Bulletin
Rebuilding Critical Infrastructure
CONSTRUCTION IS UNDER WAY on Maine’s seventh
and largest high-tech bridge, replacing standard concrete and
steel construction with a lightweight and portable carbon-fiber
tube structure. The new technology is designed to ward off
corrosion, double a bridge’s structural lifespan, and signifi-
cantly reduce construction time and repair costs.
Off-site, carbon-fiber tubes are inflated, shaped into arches
and infused with resin to harden them. The tubes are then
moved to the foundation’s location and filled with concrete,
PHOTO COURTESY OF THE MAINE DEPARTMENT OF TRANSPORTATION
producing arches as strong as steel. The arches are then
covered with a fiber-reinforced decking and buried under
several feet of sand.
The carbon fiber protects the resin from harsh weather
and extreme climates, which safety experts say is the greatest
cause of bridge corrosion. In standard steel bridges, de-icing
road salts and saltwater infiltrate the concrete and corrode the
steel bar, which causes it to expand and crack the concrete,
weakening the bridge.
The design was developed by the University of Maine
Advanced Structures and Composites Center and has been
named “bridge in a backpack” technology because its com-
ponents are lightweight and portable.
Tapping Solar Power
A NORTH DAKOTA electric cooperative turned to
an alternative energy source to provide power to Sheridan
County ranchers whose power was knocked out by an April
2010 ice storm. The storm dropped nine inches of snow on
Bismarck, knocking out power to thousands in the central
and southwestern regions of the state and caused more than
$33 million in damage mostly to utilities, according to a
request for public assistance filed by then-Gov. John Hoeven.
Rather than rebuild a section of transmission line that
provided power to the ranchers’ pasture wells, the Verendrye
Electric Cooperative installed two solar power sites capable
of generating 470 watts. The installations in McHenry and
Sheridan counties were funded with $11,201 in FEMA haz-
ard mitigation grant money. FEMA estimated that $29,000
PHOTO COURTESY OF BRIAN HVINDEN/FEMA
was saved compared with the cost of reinstalling the approx-
imately mile-long power line.
“In lieu of building in new power lines to a remote site to a
pasture well, if it’s summer pasture, we’ll put in solar instead of
building in a power line,” said Randy Hauck, member services
manager for the Verendrye Electric Cooperative, “because we
can do that at a cheaper cost than building in the power line,
and it provides the same service.”
16
17. Security Search
NEBRASKA LAW ENFORCEMENT OFFICIALS are
implementing a search platform to connect to 17 different
law enforcement data sources including records manage-
ment and computer-aided dispatch systems. Instead of sift-
ing through information by hand — which is what staff at
the Nebraska Information and Analysis Center (NIAC)
currently do — NIAC awarded a contract to Memex for its
Patriarch platform, which will help officials search disparate
databases across the state with a single query.
The platform provides the bridge between law enforce-
ment officers and private-sector partners who see something
PHOTO COURTESY OF NEBRASKA INFORMATION ANALYSIS CENTER
suspicious and the fusion center analysts who vet and store
the data, or pass it along as appropriate. NIAC awarded a
contract to Memex at a cost of just under $3 million for
implementation of its Patriarch platform in May 2010. The
implementation is ongoing.
“Within the state, we’re defining agencies that are willing
to share information with us,” said Kevin Knorr, captain of
the NIAC, “and then we go out and set up a mirrored server.
We put it in their facility, a mirrored server that extracts that
information, which they will allow or will share with us or
the fusion center. Then that information is indexed through
the Memex server [and] provided as a response to a query.”
Cyber-Security Monitoring
STATE AND LOCAL governments are closer than ever to
having a single view available of the cyber-attacks and security
vulnerabilities they face, thanks to groundbreaking work by a
cross-sector organization that’s bringing them together.
PHOTO COURTESY OF THE MULTI-STATE INFORMATION SHARING AND ANALYSIS CENTER
The nonprofit Multi-State Information Sharing and Analy-
sis Center (MS-ISAC) is on the cusp of significant growth, said
the organization’s chair, Will Pelgrin, in November 2010. And
new participants will be able to use a threat-monitoring center
recently launched by the MS-ISAC that will give state and local
governments better security intelligence in near real time.
By June, 14 states, seven local governments and one U.S.
territory will have their active threat monitoring done at
the new MS-ISAC operations facility, Pelgrin said. In 2003,
MS-ISAC began with just a handful of participating govern-
ments. Now all 50 states and many local governments have
partnered at some level with the organization.
The center’s mission encompasses threat detection, pre-
vention and protection, and recovery for state, local, terri-
torial and tribal governments. The organization has made a
real-time dashboard of top cyber-threats available online.
Emergency Management 17
18. Major Player By Jim McKay
James Demby
Senior Technical Adviser, FEMA
James Demby is the senior technical and policy
adviser and program manager for the FEMA
PHOTO BY DAVID KIDD
National Dam Safety Program. He advises
Sandra Knight, FEMA’s deputy federal insurance
and mitigation administrator for mitigation, on
matters pertaining to national dam safety.
Demby is a professional engineer registered
in Virginia and has worked for the U.S. Army
Corps of Engineers. His work for the corps
included geotechnical design projects; analysis federal perspective. Then you have state dam safety Alabama — although it does not have a legis-
of military construction; and civil works projects representatives who bring expertise from the state lated dam safety program — has begun actions
such as barracks complexes, military family perspective, and you have representatives from the over the last couple of years to identify the state’s
housing projects, hazardous waste sites, highway private sector. You bring in these experts to look dams, and to establish, inventory and provide that
bridge foundation design, federal navigation at dam safety issues from a national perspective. information to the National Inventory of Dams.
channels, and levees and flood
control structures. The state is taking steps toward getting a program.
One state doesn’t have a dam safety program. The first step is getting a sense of what the need is.
What’s the significance of that?
What is the role of the National Dam In Alabama dams are regulated by the state. What about the lack of knowledge of the people
Safety Program? That means they’re not being inspected, and across the country who live below dams, in
The purpose of the Dam Safety Program is to there’s not a requirement for emergency action terms of the danger they’re in?
reduce the risk to life and property from dam planning for high hazard-potential dams. That We provide national assistance grants to state
failure; that’s the short answer. Part of that is means that within the state, they don’t necessarily dam safety programs. The hope is that they
bringing together expertise and resources from have a good sense of the hazards that dams poten- will coordinate with local and state emergency
federal and nonfederal communities. In the tially pose to people downstream. managers to identify the risks within their state,
Dam Safety Program we have participation from By not having a dam safety program that’s legis- and with that coordination with the state dam
various federal agencies that have some type of lated by the state, it can’t participate in the National safety officials and emergency managers, develop
role in dams — in ownership, regulating dams Dam Safety Program, whereby FEMA provides state specific strategies within their state to address the
or building dams; they have some role from the assistance grants that go to dam safety activities. dangers. One area within the Dam Safety Program
18
19. ass mergency lert otify
Broadcast 360° Respond to any hazard Six different Follow with live
voice and warning whether man-made or powerful, public address
up to a one mile natural. penetrating tones or up to 16
radius. demand attention. prerecorded
messages.
Mass notification systems from Whelen Engineering
provide the critical difference in warning using a
two step approach by alerting and communicating
with voice messages. This instant delivery of
critical information throughout an identified
sector will eliminate confusion, restore order
and save lives.
A Whelen team of professionals stands ready
to provide you with an engineered plan based
on your unique requirements using acoustic
surveys and system planning. All Whelen
products are designed and manufactured in
America and known worldwide as the most
reliable, up-to-date warning systems.
® 51 Winthrop Rd.
Chester, CT 06412
800-63SIREN
ENGINEERING COMPANY, INC. Fax 860-526-4784
www.whelen.com
American Employees, American Manufacturing, American Pride!
20. Major Player
Hoover Dam is considered to be one of the top 10
construction achievements of the 20th century.
is public awareness. That’s one of the functional state and the number of dams nationally that fall
activities identified in the National Dam Safety under the National Inventory of Dams.
[Program] Act. One concern that’s been raised from the states
That’s one of the things we realized we need is that it might be more effective if the money is
to improve on with the Dam Safety Program based more on risk as opposed to just a straight
— providing more of an outreach strategy to formula based on the number of dams. That way
communicate the risk from a broad perspective you make sure the federal investment is going to
[of the dangers] to populations downstream of the areas that have the most risk.
dams. On our current grants that we put out for
2010, we have some language to try to address the What areas are most at risk? Do people in those
gap in awareness of dangers downstream. One of areas know how at risk they are?
the initiatives in the 2010 state assistance grants The states are the front line for dam safety
was to encourage state safety officials, once they because 85 percent of the nation’s 83,000 dams are
identify dams that are unsafe or at risk, to coor- regulated by states. With that said, state officials
dinate and provide that information to state and should have a good understanding of the dams
PHOTO COURTESY OF HOOVERDAMBYPASS.ORG
local emergency managers and local decision- that are at risk in their states.
makers, like mayors or city council members, so It’s imperative that state dam safety officials
they’ll have the situational awareness of a dam communicate that information and work with
that poses a threat to a community. state and local emergency managers so that there
is good situational awareness at the state and local
You’ve said money probably should be distrib- levels of dams that potentially threaten popula-
uted differently. Can you elaborate? tions downstream.
Currently money is distributed based on the From a national perspective, that is information
language in the Dam Safety Act, and that’s based we don’t collect as part of the National Dam Safety
on a distribution of the number of dams in the Program. With the National Inventory of Dams, what we do have is information on the hazard-
potential classification. But that’s not really a risk-
based classification. It’s a classification on: If the
dam fails there is — say, for high-hazard classifi-
Demby holds a framed photo of the Fort cation — probably loss of life. Significant hazard
Peck Dam taken by Margaret Bourke-
White. The Montana dam was featured on potential means if that there’s a dam failure there
the first cover of Life magazine in 1936. would be substantial economic impact down-
stream. There’s a low-hazard classification; that is
if the dam fails, there would be no impact to life
or property. But those are not risk-informed clas-
sifications; they’re based on consequences.
How concerned are you about the threat of a
terrorist attack on the nation’s dams?
The Infrastructure Protection Office in the
Department of Homeland Security primarily
addresses the terrorist threat. The whole dam
sector is broken down into two parts: FEMA has
the responsibility of dam safety and DHS specifi-
cally looks at the security side — so they’re more
focused on the terrorist-sabotage area.
With that said, as far as the critical infrastruc-
ture and the sectors identified as part of the crit-
ical infrastructure, dams are one of the critical
infrastructure areas, so there is great concern. We
PHOTO BY DAVID KIDD
want to make sure that there is a national frame-
work and approach to make sure that our critical
infrastructure is being hardened and protected
from terrorist threats. k
20
21. You are there to
protect them.
We are here to help you.
As an emergency management professional,
your job is to help protect them. If the worst
happens its your job to help them get their
lives back.
We call it resilience. And we’re your resilience
partner.
o other rm has the depth of e perience or
the breadth of services and technologies to
help you achieve community and organization
resilience. We can help you prepare, respond,
communicate and recover.
Find out more about how O’Brien’s can be
your resiliency partner at:
www.obriensrm.com
Call us at 281-3209796
Email us at email@obriensrm.com.
Prepare. Respond.
Communicate. Recover. obriensrm.com
25. to protect itself against such attacks. Estimates a malicious computer worm found its way The system would work by analyzing the vec-
vary as to the exact cost of cyber-crime, but in into an Iranian nuclear plant after infecting tors where cyber-attacks could occur, typically
a 2009 speech, President Barack Obama put the thousands of computer systems worldwide. the points at which a private network connects
2007-2008 combined total at $8 billion. The incident, caused by a malicious software to the Internet.
The sources of cyber attacks take many forms,
from individual unauthorized hackers access-
ing private networks, criminal groups seeking “Private industry has been dragging its heels for years on
monetary gain, to individuals or terrorist orga- this, and it’s something that has to be done.”
nizations attempting to break into critical data — JEFFREY CARR, CYBER-SECURITY EXPERT AND AUTHOR OF INSIDE CYBER WARFARE
networks to threaten national security, perhaps
even cripple the economy. It is this last category
that poses the greatest national threat. program called Stuxnet, made it glaringly But when news of the program leaked last
So-called botnets are a particularly danger- obvious how vulnerable the world’s critical July in The Wall Street Journal, not everyone
ous security threat because they can remain computer networks really are, and perhaps viewed Perfect Citizen as an asset. Instead, pri-
nearly invisible while siphoning data to a new more importantly, just how difficult it can be vacy watchdogs and consumer groups viewed
destination. These intrusions focus on stealing to find the source of malicious programs. The the program as providing the nation’s lead-
intellectual property, rather than taking down exact origin of the Stuxnet worm has never ing eavesdropper with another opportunity to
networks. Perhaps the most malicious form of been discovered, but its ferocity — along invade individuals’ privacy.
cyber-attack seen so far is the denial of service, with its surreptitiousness — sent shock waves The NSA, long known for its eavesdropping
which is when hackers send repeated requests through the federal agencies charged with activities, responded to the report by denying
to a network to overload and shut it down. preventing such attacks and showed the pri- that Perfect Citizen involves any monitoring
Reports of cyber-attacks over the past few vate industry just how little is known about activity or places sensors on networks, as the
years illustrate the seriousness of the problem securing the nation’s infrastructure. story asserted. Rather, the NSA countered that
and its potentially devastating impact on private the program is simply a way for the agency to
industry and public safety. While more than 100 New Approach, New Controversy assess a network’s vulnerabilities.
countries can launch cyber-attacks, China is con- The most recent approach to protecting Carr argues that people misunderstand
sidered the greatest threat to the United States, U.S. infrastructure from cyber-attacks came in Perfect Citizen’s goal. The program, he said, is
and relations between the two countries have the form of a new program from the National providing long-overdue, much-needed security
become fraught with hostility and suspicions Security Agency (NSA). Called Perfect Citizen, on critical infrastructure. “I consider it more or
over cyber-security. According to Chronister, the program is intended to monitor threats to less a housekeeping issue, not widespread sur-
Russia is considered an increasing threat as well. the country’s infrastructure, including electrical veillance,” he said. “This is a program to test the
In March 2008, according the Critical Infra- networks, nuclear power plants and transpor- vulnerabilities of a network. Private industry
structure Protection report, the Department tation systems, and to trigger an alarm in the has been dragging its heels for years on this, and
of Defense and other federal agencies and event of an impending intrusion. it’s something that has to be done.”
contractors reported that their computer net-
works were targets of intrusion, and the attacks
appeared to have originated in China. The threat of cyber-attacks in the United
PHOTO COURTESY OF RICHARD O’REILLY/ FEMA
In 2009, North Korea was suspected of an States has been increasing and could
cause widespread blackouts.
attack that started July Fourth weekend and
took down the Web servers of the U.S. Treasury,
Secret Service and Federal Trade Commission,
among others. (South Korean government Web
servers were hit at roughly the same time.)
And in 2010, it came to light that more than
30 private companies, many of them in Silicon
Valley, had experienced intrusions of their data
networks. Of those companies, Google said it
had been the victim of a “highly sophisticated
and targeted attack on our corporate infrastruc-
ture originating from China that resulted in the
theft of intellectual property from Google.”
But perhaps the most dramatic example
of a cyber-attack came last summer when