Question 1: Emergency Management is largely undertaken by local governments. Can these governments legitimately obtain the most up to date technology and compare for the best employees? If not, what other approach to emergency management do you recommend and why would it work? If so explain how.
The truth about Emergency Management is that it is not only undertaken by local governments. Every people who may benefit or be affected by the current and present mitigation, preparedness, response, and rescue procedures of the in-charge emergency management department are actually involved in the emergency management. Without these people, who in times of disasters and catastrophes, may commit themselves as local volunteers, the effects of the efforts of local governments, no matter how richly-funded and organized they are, will be greatly minimized. This is actually a common misconception among inexperienced people in the discipline of emergency management. With the combined efforts of the officials of the emergency management department and other official branches of the local government, and the natives who are willing to be trained for disaster prevention and mitigation measures, and cooperate, the emergency and disaster programs enforced for the safety of these people themselves will be greatly optimized. At least, the burden of the local emergency management organization will be minimized. With the locals on their side, willing to volunteer and cooperate, should a period of crisis start, the local government won’t have to be very much concerned with acquiring more funds and other resources for human resources because they have every human resources that they will probably need.
There are a lot of literatures that can prove that an emergency management department backed by a local government that has the capability to utilize and mobilize all the available resources in the community can more effectively do its duties in all phases of emergency management: the mitigation, preparedness, response, and recovery phases. Now, there are tons of ways how emergency management organizations or departments could further enhance their efficiency and effectiveness in fulfilling their duties as such. Such can be made possible through the melding of emergency management and technology. It can be accurately assumed that the level of technology that an emergency department utilizes for its programs in all four phases of emergency management is directly proportional to its effectiveness and efficiency in accomplishing such. Meaning, the more updated the technology that an emergency management department can utilize, the more effective and efficient it can be in reducing hazard risks, responding to emergency situations such as when the community has been recently devastated by a recent disaster or worse, a catastrophe, etc. Communication has long been an important aspect in emergency management. It is a critical component of any emergency management operation because communication enables every member of the team to coordinate with each other. It is then the quality of their coordination that determines the success of the current operation. An execution of an emergency operation that is poorly coordinated may automatically be considered a failure compared to an emergency management operation that is highly coordinated. Thanks to the availability of the latest communication devices, members of different emergency management departments are now able to do their duties, even those that have a high level of team coordination as one of the indicators of success. Radios, portable telephones, and cellular phones are some of the most common and easily-acquired technological devices that can be used to further improve the outcomes involved in emergency management. Of course, there are a lot of areas in emergency management that could be further enhanced with the use of more advanced technologies. In fact, almost every area in emergency management can be made efficient and more effective if only they have access to the latest technologies. Again, the updated-ness of the technology being used in the emergency management department is highly dependent on the capability of the local government to provide the necessary funds and other resources to acquire such technologies. Usually, it all boils down to these two qualities: financial stability and level of influence. A more financially-stable local government can definitely provide more for the different departments that it handles, including the emergency management department. A local government lead with a higher level of influence on the other hand can have more options that he can consider in acquiring the technology he wants his local emergency management department to make use of. However, there can be times wherein these two ideal qualities of a local government may not be necessary. If the local government leaders are resourceful, then their lack of resources should not hinder them to acquire the technology and hire the employees that they need for their emergency management department. There are literally a lot of ways to solve different puzzles in emergency management even when facing problems like lack of resources, and low levels of influence in the national government. The expertise of the emergency manager can also be a key factor here. Usually, an emergency management department operates autonomously from the local government. It does not impose rules, policies, and actions during emergency and non-emergency situations. It does not have direct control over things even in an emergency situation. It can however advice and help coordinate different local government and community functions, especially the ones that are correlated with emergency management.
Question 2: Utilities such as water, natural gas, and electricity are considered the lifelines of the United States and its Economy. Are they vulnerable to terrorist attacks or natural disasters? How can they be protected and secured?
Natural resources such as water, natural gas, and electricity are some of the most important things that run a nation. A nation without a stable water supply, source of natural gas, and means to produce the amount of electricity required to at least power the key infrastructures in the country is a doomed nation. The ones who will be first affected are the citizens. An average human being can only survive for up to two days without drinking water. A nation’s energy-dependent transportation system will surely be paralyzed once oil and natural gas supplies are cut due to excessively high demands and low supplies. Lastly, local government units, and federal organizations, including the emergency management departments will have a very hard time doing their job to response to any threat to the welfare and security of the members of the community if there is a massive blackout going on in their respective city. The United States and its Economy will really be crippled. Perhaps this is the reason why it can be considered a very practical idea for an assailant group with malicious intentions to attack the resources that the U.S. considers as its lifelines first before anything so that they will be more vulnerable to emergency situations like a terrorist attack or even an invasion. No matter how complicated the homeland security and emergency management procedures in the United States are, there is still some chance that it will be infiltrated by a malicious entity and become affected. One example would be the coordinated terrorist attacks that all happened within the United States in the 11th of September 2001 which was over a decade ago. The United States has been utilizing an All-Hazards Approach when it comes to Emergency Management in the last 20 years.
In that approach, the Emergency Managers develop different processes that are not just related to a single hazard or threat but rather to a wide range of common threats or those that are more likely to happen. In a way, this can be considered an advantage but there are definitely some areas of concern that the national government leaders may want to consider.
Again, let us use the 911 bombings as an example. It was clear that the whole United States did not expect such brutal even to happen all in one day. The All Hazards approach has been functional for some 10 years during that time. Even though the All Hazards approach was originally implemented to make the emergency management processes more suitable to practically new and unexpected events such as the coordinated terrorist events that happened during the 9/11 bombings, the security was still breached. In the end, the approach that the U.S. emergency and security officials believed could protect the U.S. from unexpected threats and emergencies did not meet their expectations. This is actually one of the disadvantages of the All Hazards Approach that they have been implementing for years in their emergency management processes. Because it can be considered an integrated approach in handling common processes, it usually creates conflict with non-emergency management regulatory organizations which also require a particular type of threat or hazard intervention. Examples of these situations include disease outbreaks, and terrorist attacks. Because of the conflict created by the emergency and non-emergency regulatory bodies, their ability to response more swiftly and appropriately to some novel hazards or threats may be impaired, leaving the United States, including its lifeline resources more vulnerable to attacks from terrorists and other malicious entities. However, one good thing about the Emergency Management System in the U.S. is that it is structurally decentralized. Threats, hazards and emergencies are classified based on different levels. For example, a simple hazard or threat that may a particular community only can be considered as a local hazard or threat in which the local management becomes in-charge. However in instances wherein the nation’s security may already be compromised such as when there is a possibility of a terrorist attack, national-level entities such as the Federal emergency Management Agency and the Department of Homeland Security, etc. may already intervene. Dramatic changes in emergency and security protocols in the U.S. have also been made ever since the 9/11 bombings. It is now harder for non-U.S. citizens to enter the country because of the new strict screening processes, some of which were not even present before. In reality, a malicious entity or an assailant will have to go through a lot of tight security protocols before even being able to engage his target. Therefore, at its current state, the U.S. can definitely defend its lifeline resources from any external hazards or threats such as a terrorist attack. But then again, there is still some chance, a minute chance, that it will be infiltrated despite the recent developments in its emergency and security management procedures.
Question 3: Below is an article on “Flame”. After reading the article, answer the following questions:
a. Flame’s actual target
There is no strong and clear evidence that could prove who the target of this Spy Malware is. However, experts from the Russian-owned Antivirus firm Kaspersky Lab stated that the Flame infections were mostly confined to computer machines from Iran, United Arab Emirates, Syria, Sudan, Israel and their remotely occupied territories, and selected countries in North Africa and the Middle East. A significant percentage of these countries are Muslim-states and are rich in natural resources such as oil and uranium. Another common characteristic among the said infected countries is their involvement in the research and development of various uranium-enrichment programs. Iran by far has the most number of reported incidences of Flame infection. Most of the infected computers from Iran are under the jurisdiction of the Iranian National Oil Company and the Iranian Oil Ministry. The Flame Spy Malware is actually designed and built to collect a wide range of information—ranging from the common to the most confidential ones, from the infected machine. The collected information and date are stored somewhere in the infected computer’s drive and can be forwarded to any of the designated Flame command and control centers. According to experts from Kaspersky Lab, Flame is a highly complicated and sophisticated virus and testing and fully understanding the nature of the virus could take at least 10 years. However, for the meantime, there is still no clear evidence who the target of this highly dangerous and threatening malware is. Some experts believe that it has been released just two years ago because of the nature of the codes used to create the malware while there are also experts who think that it has started infecting computers since 2007. By looking at the common characteristics of the infected machines who have been detected by the Kaspersky Lab, we could still draw a logical speculation that there is a possibility that Flame targets machines that possibly contains vital information about different nation’s lifeline resources such as oil and, and also those that are about the progress and development of their uranium-enrichment program, if they have any.
b. Who created and released it?
As of now, the creators of Flame cannot be fully identified. But there are indeed some assumptions and speculations going on. Experts from Kaspersky Lab tried to compare the most recent large-scale malware attacks (Stuxnet and DuQu) to the current case about Flame-attack. After carefully reviewing Stuxnet and DuQu, malware experts have come to the conclusion that these two viruses, which are precedes the Flame in terms of the sophistication and complexity of the codes and modules, have a lot of similarities leading to another conclusion that they were made by the same group of programmers. Later on, it has been discovered that the group of programmers who created the modules and basically everything that can be found in Stuxnet and DuQu’s codes was hired by the confidential agencies from the United States and Israel. The malwares were allegedly created to sabotage the different materials that are being used in Iran’s public and top secret uranium enrichment program. Upon checking the nature of Flame’s modules and on a more microscopic scale, codes, malware experts have discovered some similarities between Flame and its two malware predecessors which make it reasonable to think that the creators of Stuxnet and DuQu are the same ones who created Flame. If not, the creators of Flame may at least be involved with the ones who created Stuxnet and DuQu. Given the amount of valid and reliable data present about the nature of Flame, Kaspersky Lab said that it would really be hard to trace the creators of Flame.
c. Is the Flame attack counter-terrorism or anti-terrorism or neither? Why?
After reviewing the things that Flame can and cannot do, there is a big possibility that Flame has been created as an offensive advancement rather as an anti-terrorism tool. Firstly, it can infect a machine in a more advanced and highly sophisticated manner; even Kaspersky Lab is not sure how the creators of Flame manipulated the spread of the virus. They manipulated the spread of the virus in such a way that only the targeted machines will be infected. The malware gives them the ability to detect whether a machine is not intended to be attacked or otherwise. Secondly, Flame was designed to sniff and collect basically all types of information regardless of the level of confidentiality in that machine. It captures a screenshot of the machine once every minute when typical programs are opened; it captures a screenshot of the machine once every 15 seconds if high profile applications used for communication are used. Lastly, the malware gives the users the capability to swipe even the largest chunk of data inside the machine. With just one snap of a finger, the users can erase all the information inside the infected computer without leaving a trace. All these reasons support the idea that Flame has been developed as an offensive advancement rather as an anti-terrorism tool. However, some features of Flame can also be used to improve the anti-terrorism efforts of whoever created the malware. But given the amount of valid and reliable information about Flame, it is still a little bit early to know what really the intentions of its creators are.
