Disaster Preparedness Recovery and Business Continuity Richard Varn CDG

  • 8/13/2019 Disaster Preparedness Recovery and Business Continuity Richard Varn CDG

    Disaster Preparedness, Disaster Recovery, and Business Continuity in Public Safety

    Be Prepared: That's the motto of the Boy Scouts.

    "Be prepared for what?" someone once asked Baden-Powell, the founder of Scouting. "Why, for any old thing," said Baden-Powell. (Boy Scout Handbook, 11th edition, page 54)

    Overlapping and Inter-Related Responsibilities

    Disaster Preparedness and Recovery and Business Continuity

    Quality Assurance Methodologies

    Cyber Security

    Physical Security

    Public Safety

    Public Safety Scenarios

    Public safety entities have a more difficult challenge

    Your IT DR/BC plan is intertwined with risk scenarios

    You may be affected by the risks of a given scenario and your IT plan must address those risks appropriately to maintain operations

    You also have a role in response to the scenario so the events will affect your operational requirements

    Scenarios Overview

    Threat driven geographic circles of impact

    Kinds of threats and events

    Responsibility

    What will you do, what is shared, what do others have to do for themselves

    Tolerance for risk and uncertainty

    Lesson learned: if you have a well known and documented local risk:

    Have a real plan or get ready for a career change

    Start With A Readiness Dashboard

    All aspects of the plan, testing, and implementation should be scored simply (Red, Yellow, and Green)

    Key indicators of planning and readiness need a dashboard to enable assessment and action

    Score or status

    Trend

    Key issue

    Engage the Policy Makers

    Executive, legislative, and judicial

    Those who hold the seat and those who actually make the decisions

    Go below the top level to ensure clarity, alignment, and redundancy

    EOC designees

    Emergency authorizers and authority: decide how you will bust through red tape and bottlenecks when it is needed

    First Steps

    Leadership: clarity, alignment, and commitment

    Authority or consensus?

    Stakeholder roles and responsibilities

    Be clear about risk tolerance

    Applications and IT assets inventory

    If needed, dust off and update your Y2K work

    Good data on plan status, readiness, test results, response, and compliance

    First Steps

    Make a friend in accounting: actuarially accurate threat scenarios are more likely to be funded as risk and cost can be properly balanced

    Review existing plan or make a plan

    Borrow or buy a template

    Review peer plans and conduct site visits

    Communicate until it hurts

    Know How Non-Governmental Organizations Fit In

    Media

    Broadcast and satellite

    Emergency Broadcast System Members

    Print

    New media

    The Web

    Government site managers

    Commercial site managers

    Citizens and bloggers

    Self-organizing communities (e.g. Craigslist)

    Know How Non-Governmental Organizations Fit In

    Charities

    Businesses and business associations

    Community organizations

    Vital private services (hospitals, nursing homes, etc.)

    Nail Down Your Critical Functions

    Law and order essentials (people, mobility, tools, survival basics, etc.)

    Communications

    Personnel management (policies, scheduling, notification trees and systems, counseling, etc.)

    Data and the connections to data and people

    Transactional systems

    Nail Down Your Critical Functions

    Rescue and response

    Pipeline to the health care system

    Building/location/hazmat information for fire and first responders

    Justice processing and incarceration

    Dispatch

    Nail Down Your Critical Functions

    Records

    Mobility

    Devices and local storage if communications are intermittent or fail (e.g. mobile maps and databases)

    Know what you can actually cover (and what you are just waving your hands at and hoping it either works or is never needed)

    IT Requirements

    What systems need to function

    How fast

    Maximum and optimum time frame for each system or function to be restored

    How well

    Sometimes minimal functionality is sufficient

    IT Requirements

    Where will it be used and by whom and will the communications infrastructure support it?

    Employees

    Users or beneficiaries

    By what priority will systems be restored

    The priority will be modified by what contingencies

    E.g. a long term total evacuation changes the operational needs for criminal justice systems and personnel

    Continuity and Disaster Recovery Location Options

    Consider new kinds of mutual aid and sister city/county/state arrangements

    Work with friends, colleagues, associations, and vendors

    To match you with comparable entities that are located outside the various geographic threat circles

    Who can mirror your IT operations (hardware, software, operating systems, and culture)

    People

    Force in depth: who is the backup to the backup to the backup?

    Consider the actual health and physical abilities and disabilities of a person when assigning tasks for a disaster scenario

    The disaster is not the time to find out the electrician in the hazmat suit has a heart condition

    What family and personal duties may interfere with performing official duties (e.g. save your own kids or save a stranger)?

    Systems

    Daily operational

    Interdependent systems

    Emergency only

    Identity security and access management for physical and logical security

    Follow FIPS 201 for federal/state/local interoperability

    Integration

    Identify integration issues between:

    Internal systems and public safety entities

    Other governmental systems

    Related actors

    Non-governmental systems and processes

    Example: 911 and 311 or its equivalent

    Normally separate but related

    Emergencies blur the line

    Co-location, cross training, and system integration

    Implementation and Triage

    Someone better be in charge

    Dispute resolution processes

    Who will be your Sensibility and Sanity Checker (off site, not affected by the disaster, and actually getting enough sleep to make sound decisions)?

    Baton Rouge example with Mayor Holden

    Think Third World

    Hand crank your computers

    Bike generators

    Solar and wind power

    Portable water purifiers

    Emergency shelter

    Runners and mountain bikes

    Hand tools

    Think New World

    Internet Protocol (IP) everything

    Bridge between radio, wireless data/Wi-Fi and use each as IP conduits as needed

    Gigs of portable flash memory

    Satellite data and telephony

    Think New World

    Instant Message

    Text and mobile email

    Cell On Wheels/Boat/Balloon

    Negotiate/legislate priority and bumping rights in telecommunications provisioning

    Conclusion: Essential Public Safety Systems and Organizations Must Be Disaster Resistant, Flexible, Diversified, and Redundant (Or We Are All In Big Trouble)

    Contact Information

    Richard J. H. Varn

    Center for Digital Government

    rjmvarn@msn.com
