Transcript Let’s Get Real: Disaster Recovery and Business Continuity

Disaster Preparedness, Disaster
Recovery, and Business Continuity in
Public Safety
“Be Prepared: That's the motto of the Boy Scouts.”
"Be prepared for what?" someone once asked
Baden-Powell, the founder of Scouting, "Why, for
any old thing." said Baden-Powell.”
(Boy Scout Handbook, 11th edition, page 54)
Overlapping and InterRelated Responsibilities
Disaster
Preparedness and
Recovery and
Business
Continuity
Physical Security
Public Safety
Quality Assurance
Methodologies Cyber Security
Public Safety Scenarios
• Public safety entities have a more difficult
challenge
• Your IT DR/BC plan is intertwined with risk
scenarios
• You may be affected by the risks of a given
scenario and your IT plan must address those
risks appropriately to maintain operations
• You also have a role in response to the
scenario so the events will affect your
operational requirements
Scenarios Overview
• Threat driven geographic circles of impact
• Kinds of threats and events
• Responsibility
– What will you do, what is shared, what do others
have to do for themselves
• Tolerance for risk and uncertainty
• Lesson learned: if you have a well known
and documented local risk:
– Have a real plan or get ready for a career
change…
Start With A Readiness
Dashboard
• All aspects of the plan, testing, and
implementation should be scored simply
(Red, Yellow, and Green)
• Key indicators of planning and readiness
need a dashboard to enable assessment
and action
– Score or status
– Trend
– Key issue
Engage the Policy Makers
• Executive, legislative, and judicial
– Those who hold the seat and those who
actually make the decisions…
– Go below the top level to ensure clarity,
alignment, and redundancy
• EOC designees
• Emergency authorizers and authority—
decide how you will bust though red tape
and bottle necks when it is needed
First Steps
• Leadership: clarity, alignment, and
commitment
• Authority or consensus?
• Stakeholders roles and responsibilities
• Be clear about risk tolerance
• Applications and IT assets inventory
– If needed, dust off and update your Y2K work
• Good data on plan status, readiness, test
results, response, and compliance
First Steps
• Make a friend in accounting—actuarially
accurate threat scenarios are more likely to
be funded as risk and cost can be properly
balanced
• Review existing plan or make a plan
• Borrow or buy a template
• Review peer plans and conduct site visits
• Communicate until it hurts
Know How Non-Governmental
Organizations Fit In
• Media
– Broadcast and satellite
• Emergency Broadcast System Members
– Print
– New media
• The Web
– Government site mangers
– Commercial site managers
– Citizens and bloggers
– Self-organizing communities (e.g. Craig’s List)
Know How Non-Governmental
Organizations Fit In
•
•
•
•
Charities
Businesses and business associations
Community organizations
Vital private services (hospitals, nursing
homes, etc. )
Nail Down Your Critical
Functions
• Law and order essentials (people, mobility,
tools, survival basics, etc.)
• Communications
• Personnel management (policies,
scheduling, notification trees and systems,
counseling, etc.)
• Data and the connections to data and people
• Transactional systems
Nail Down Your Critical
Functions
• Rescue and response
• Pipeline to the health care system
• Building/location/hazmat information for fire
and first responders
• Justice processing and incarceration
• Dispatch
Nail Down Your Critical
Functions
• Records
• Mobility
– Devices and local storage if communications are
intermittent or fail (e.g. mobile maps and
databases)
• Know what you can actually cover (and what
you are just waiving your hands at and
hoping it either works or is never needed)
IT Requirements
• What systems need to function
• How fast
– Maximum and optimum time frame for each
system or function to be restored
• How well
– Sometimes minimal functionality is sufficient
IT Requirements
• Where will it be used and by whom and
will the communications infrastructure
support it?
– Employees
– Users or beneficiaries
• By what priority will systems be restored
• The priority will be modified by what
contingencies
– E.g. a long term total evacuation changes the
operational needs for criminal justice systems
and personnel
Continuity and Disaster
Recovery Location Options
• Consider new kinds of mutual aid and
sister city/county/state arrangements
– Work with friends, colleagues, associations,
and vendors
– To match you with a comparable entities that
are located outside the various geographic
threat circles
– Who can mirror your IT operations (hardware,
software, operating systems, and culture)
People
• Force in depth—who is the backup to the
backup to the backup?
• Consider the actual health and physical
abilities and disabilities of a person when
assigning tasks for a disaster scenario
– The disaster is not the time to find out the
electrician in the hazmat suit has a heart
condition
• What family and personal duties may
interfere with performing official duties (e.g.
save your own kids or save a stranger)?
Systems
•
•
•
•
Daily operational
Interdependent systems
Emergency only
Identity security and access management
for physical and logical security
– Follow FIPS 201 for federal/state/local
interoperability
Integration
• Identify integration issues between:
– Internal systems and public safety entities
– Other governmental systems
– Related actors
– Non-governmental systems and processes
• Example: 911 and 311or its equivalent
– Normally separate but related
– Emergencies blur the line
– Co-location, cross training, and system
integration
Implementation and Triage
• Someone better be in charge
• Dispute resolution processes
• Who will be your Sensibility and Sanity
Checker (off site, not affected by the
disaster, and actually getting enough sleep
to make sound decisions)?
• Baton Rouge example with Mayor Holden
Think Third World
•
•
•
•
•
•
•
Hand crank your computers
Bike generators
Solar and wind power
Portable water purifiers
Emergency shelter
Runners and mountain bikes
Hand tools
Think New World
• Internet Protocol (IP) everything
– Bridge between radio, wireless data/WI-FI and
use each as IP conduits as needed
• Gigs of portable flash memory
• Satellite data and telephony
Think New World
•
•
•
•
Instant Message
Text and mobile email
Cell On Wheels/Boat/Balloon
Negotiate/legislate priority and bumping
rights in telecommunications provisioning
Conclusion: Essential Public Safety
Systems and Organizations Must
Be Disaster Resistant, Flexible,
Diversified, and Redundant
(Or We Are All In Big Trouble)
Contact Information
Richard J. H. Varn
Center for Digital Government
[email protected]