
Post on 28-Dec-2015


Disaster Preparedness, Disaster Recovery, and Business Continuity in Public Safety

“Be Prepared: That's the motto of the Boy Scouts.”

"Be prepared for what?" someone once asked Baden-Powell, the founder of Scouting. "Why, for any old thing," said Baden-Powell. (Boy Scout Handbook, 11th edition, page 54)

Overlapping and Inter-Related Responsibilities

• Disaster Preparedness and Recovery and Business Continuity

• Quality Assurance Methodologies

• Cyber Security

• Physical Security

• Public Safety

Public Safety Scenarios

• Public safety entities have a more difficult challenge

• Your IT DR/BC plan is intertwined with risk scenarios

• You may be affected by the risks of a given scenario and your IT plan must address those risks appropriately to maintain operations

• You also have a role in response to the scenario so the events will affect your operational requirements

Scenarios Overview

• Threat driven geographic circles of impact

• Kinds of threats and events

• Responsibility
  – What will you do, what is shared, what do others have to do for themselves

• Tolerance for risk and uncertainty

• Lesson learned: if you have a well known and documented local risk:
  – Have a real plan or get ready for a career change…

Start With A Readiness Dashboard

• All aspects of the plan, testing, and implementation should be scored simply (Red, Yellow, and Green)

• Key indicators of planning and readiness need a dashboard to enable assessment and action
  – Score or status
  – Trend
  – Key issue

Engage the Policy Makers

• Executive, legislative, and judicial
  – Those who hold the seat and those who actually make the decisions…
  – Go below the top level to ensure clarity, alignment, and redundancy

• EOC designees

• Emergency authorizers and authority: decide how you will bust through red tape and bottlenecks when it is needed

First Steps

• Leadership: clarity, alignment, and commitment

• Authority or consensus?

• Stakeholder roles and responsibilities

• Be clear about risk tolerance

• Applications and IT assets inventory
  – If needed, dust off and update your Y2K work

• Good data on plan status, readiness, test results, response, and compliance

First Steps

• Make a friend in accounting: actuarially accurate threat scenarios are more likely to be funded, as risk and cost can be properly balanced

• Review existing plan or make a plan

• Borrow or buy a template

• Review peer plans and conduct site visits

• Communicate until it hurts

Know How Non-Governmental Organizations Fit In

• Media
  – Broadcast and satellite
    • Emergency Broadcast System Members
  – Print
  – New media

• The Web
  – Government site managers
  – Commercial site managers
  – Citizens and bloggers
  – Self-organizing communities (e.g. Craigslist)

Know How Non-Governmental Organizations Fit In

• Charities

• Businesses and business associations

• Community organizations

• Vital private services (hospitals, nursing homes, etc.)

Nail Down Your Critical Functions

• Law and order essentials (people, mobility, tools, survival basics, etc.)

• Communications

• Personnel management (policies, scheduling, notification trees and systems, counseling, etc.)

• Data and the connections to data and people

• Transactional systems

Nail Down Your Critical Functions

• Rescue and response

• Pipeline to the health care system

• Building/location/hazmat information for fire and first responders

• Justice processing and incarceration

• Dispatch

Nail Down Your Critical Functions

• Records

• Mobility
  – Devices and local storage if communications are intermittent or fail (e.g. mobile maps and databases)

• Know what you can actually cover (and what you are just waving your hands at and hoping it either works or is never needed)

IT Requirements

• What systems need to function

• How fast
  – Maximum and optimum time frame for each system or function to be restored

• How well
  – Sometimes minimal functionality is sufficient

IT Requirements

• Where will it be used and by whom and will the communications infrastructure support it?
  – Employees
  – Users or beneficiaries

• By what priority will systems be restored

• The priority will be modified by what contingencies
  – E.g. a long term total evacuation changes the operational needs for criminal justice systems and personnel

Continuity and Disaster Recovery Location Options

• Consider new kinds of mutual aid and sister city/county/state arrangements
  – Work with friends, colleagues, associations, and vendors
  – To match you with comparable entities that are located outside the various geographic threat circles
  – Who can mirror your IT operations (hardware, software, operating systems, and culture)

People

• Force in depth: who is the backup to the backup to the backup?

• Consider the actual health and physical abilities and disabilities of a person when assigning tasks for a disaster scenario
  – The disaster is not the time to find out the electrician in the hazmat suit has a heart condition

• What family and personal duties may interfere with performing official duties (e.g. save your own kids or save a stranger)?

Systems

• Daily operational

• Interdependent systems

• Emergency only

• Identity security and access management for physical and logical security
  – Follow FIPS 201 for federal/state/local interoperability

Integration

• Identify integration issues between:
  – Internal systems and public safety entities
  – Other governmental systems
  – Related actors
  – Non-governmental systems and processes

• Example: 911 and 311 or its equivalent
  – Normally separate but related
  – Emergencies blur the line
  – Co-location, cross training, and system integration

Implementation and Triage

• Someone better be in charge

• Dispute resolution processes

• Who will be your Sensibility and Sanity Checker (off site, not affected by the disaster, and actually getting enough sleep to make sound decisions)?

• Baton Rouge example with Mayor Holden

Think Third World

• Hand crank your computers

• Bike generators

• Solar and wind power

• Portable water purifiers

• Emergency shelter

• Runners and mountain bikes

• Hand tools

Think New World

• Internet Protocol (IP) everything
  – Bridge between radio, wireless data/Wi-Fi and use each as IP conduits as needed

• Gigs of portable flash memory

• Satellite data and telephony

Think New World

• Instant Message

• Text and mobile email

• Cell On Wheels/Boat/Balloon

• Negotiate/legislate priority and bumping rights in telecommunications provisioning

Conclusion: Essential Public Safety Systems and Organizations Must Be Disaster Resistant, Flexible, Diversified, and Redundant (Or We Are All In Big Trouble)

Contact Information

Richard J. H. Varn

Center for Digital Government

rjmvarn@msn.com
