Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
-
Upload
sirius1111 -
Category
Documents
-
view
215 -
download
0
Transcript of Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
1/24
Disaster Preparedness, Disaster
Recovery, and Business Continuity in
Public Safety
Be Prepared: That's the motto of the Boy Scouts.
"Be prepared for what?" someone once askedBaden-Powell, the founder of Scouting, "Why, for
any old th ing ." said Baden-Powell.(Boy Scout Handbook, 11th edition, page 54)
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
2/24
Overlapping and Inter-
Related Responsibilities
Disaster
Preparedness and
Recovery and
Business
Continuity
Quality AssuranceMethodologies
Cyber Security
Physical Security
Public Safety
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
3/24
Public Safety Scenarios
Public safety entities have a more difficultchallenge
Your IT DR/BC plan is intertwined with risk
scenarios You may be affected by the risks of a given
scenario and your IT plan must address those
risks appropriately to maintain operations
You also have a role in response to the
scenario so the events will affect your
operational requirements
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
4/24
Scenarios Overview
Threat driven geographic circles of impact
Kinds of threats and events
Responsibility
What will you do, what is shared, what do othershave to do for themselves
Tolerance for risk and uncertainty
Lesson learned: if you have a well knownand documented local risk:
Have a real plan or get ready for a careerchange
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
5/24
Start With A Readiness
Dashboard
All aspects of the plan, testing, and
implementation should be scored simply
(Red, Yellow, and Green)
Key indicators of planning and readiness
need a dashboard to enable assessment
and action
Score or status
Trend
Key issue
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
6/24
Engage the Policy Makers
Executive, legislative, and judicial
Those who hold the seat and those who
actually make the decisions
Go below the top level to ensure clarity,
alignment, and redundancy
EOC designees
Emergency authorizers and authoritydecide how you will bust though red tape
and bottle necks when it is needed
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
7/24
First Steps
Leadership: clarity, alignment, andcommitment
Authority or consensus?
Stakeholders roles and responsibilities Be clear about risk tolerance
Applications and IT assets inventory
If needed, dust off and update your Y2K work
Good data on plan status, readiness, test
results, response, and compliance
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
8/24
First Steps
Make a friend in accountingactuariallyaccurate threat scenarios are more likely to
be funded as risk and cost can be properly
balanced
Review existing plan or make a plan
Borrow or buy a template
Review peer plans and conduct site visits Communicate until it hurts
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
9/24
Know How Non-Governmental
Organizations Fit In
Media Broadcast and satellite
Emergency Broadcast System Members
Print New media
The Web
Government site mangers Commercial site managers
Citizens and bloggers
Self-organizing communities (e.g. Craigs List)
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
10/24
Know How Non-Governmental
Organizations Fit In
Charities
Businesses and business associations
Community organizations
Vital private services (hospitals, nursing
homes, etc. )
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
11/24
Nail Down Your Critical
Functions
Law and order essentials (people, mobility,
tools, survival basics, etc.)
Communications Personnel management (policies,
scheduling, notification trees and systems,
counseling, etc.) Data and the connections to data and people
Transactional systems
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
12/24
Nail Down Your Critical
Functions
Rescue and response
Pipeline to the health care system
Building/location/hazmat information for fireand first responders
Justice processing and incarceration
Dispatch
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
13/24
Nail Down Your Critical
Functions
Records
Mobility
Devices and local storage if communications areintermittent or fail (e.g. mobile maps and
databases)
Know what you can actually cover (and what
you are just waiving your hands at and
hoping it either works or is never needed)
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
14/24
IT Requirements
What systems need to function How fast
Maximum and optimum time frame for each
system or function to be restored How well
Sometimes minimal functionality is sufficient
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
15/24
IT Requirements
Where will it be used and by whom andwill the communications infrastructure
support it?
Employees
Users or beneficiaries
By what priority will systems be restored
The priority will be modified by whatcontingencies
E.g. a long term total evacuation changes the
operational needs for criminal justice systems
and personnel
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
16/24
Continuity and Disaster
Recovery Location Options
Consider new kinds of mutual aid and
sister city/county/state arrangements
Work with friends, colleagues, associations,
and vendors
To match you with a comparable entities that
are located outside the various geographic
threat circles Who can mirror your IT operations (hardware,
software, operating systems, and culture)
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
17/24
People
Force in depthwho is the backup to thebackup to the backup?
Consider the actual health and physical
abilities and disabilities of a person whenassigning tasks for a disaster scenario
The disaster is not the time to find out the
electrician in the hazmat suit has a heart
condition
What family and personal duties may
interfere with performing official duties (e.g.
save your own kids or save a stranger)?
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
18/24
Systems
Daily operational
Interdependent systems
Emergency only Identity security and access management
for physical and logical security
Follow FIPS 201 for federal/state/localinteroperability
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
19/24
Integration
Identify integration issues between: Internal systems and public safety entities
Other governmental systems
Related actors Non-governmental systems and processes
Example: 911 and 311or its equivalent
Normally separate but related Emergencies blur the line
Co-location, cross training, and system
integration
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
20/24
Implementation and Triage
Someone better be in charge
Dispute resolution processes
Who will be your Sensibility and SanityChecker (off site, not affected by the
disaster, and actually getting enough sleep
to make sound decisions)?
Baton Rouge example with Mayor Holden
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
21/24
Think Third World
Hand crank your computers
Bike generators
Solar and wind power Portable water purifiers
Emergency shelter
Runners and mountain bikes Hand tools
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
22/24
Think New World
Internet Protocol (IP) everything
Bridge between radio, wireless data/WI-FI and
use each as IP conduits as needed
Gigs of portable flash memory
Satellite data and telephony
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
23/24
Think New World
Instant Message
Text and mobile email
Cell On Wheels/Boat/Balloon Negotiate/legislate priority and bumping
rights in telecommunications provisioning
-
8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG
24/24
Conclusion: Essential Public SafetySystems and Organizations Must
Be Disaster Resistant, Flexible,
Diversified, and Redundant(Or We Are All In Big Trouble)
Contact InformationRichard J. H. Varn
Center for Digital Government
rjmvarn@msn com
mailto:[email protected]:[email protected]