Let`s Get Real: Disaster Recovery and Business Continuity
advertisement
Let’s Get Real: Disaster Recovery and Business Continuity in Public Safety Is Yours Just a Paper Plan or a Real Way to Prepare and Respond to Incidents and Disasters? Presentation Overview • Key DR/BC Concepts and Issues – – – – – – – – – – – – • • • Player Scorecard: Who Is In the Game and Why? DR/ BC Framework Action Steps to a Real Plan – – – – – • Report card and dashboard Scenarios Requirements: What has to operational by when for work to be done by how many at what locations serving what customers who are where? Facilities People Systems Integration Coordination Daily readiness and simulated escalations Testing and independent verification and validation Implementation and triage Recovery, discovery, and improvements First steps Critical functions Funding and leveraging scarce resources Think out of the box Integration with the big picture DR/BC plan and activities of your jurisdiction Conclusions Key DR/BC Concepts and Issues The Report Card and Dashboard • All aspects of the plan, test, and implementation should be scored simply (Red, Yellow, and Green) • Key indicators of planning and readiness need a dashboard to enable assessment and action – Score or status – Trend – Key issue Public Safety Scenarios • Public safety entities have a more difficult challenge • Your IT DR/BC plan is intertwined with risk scenarios • You may be affected by the risks of a given scenario and your IT plan must address those risks appropriately to maintain operations • You also have a role in response to the scenario so the events will affect your operational requirements Scenarios Overview • Threat driven geographic circles of impact • Kinds of threats and events • Responsibility – What will you do, what is shared, what do others have to do for themselves • Tolerance for risk and uncertainty • Lesson learned: if you have a well known and documented local risk: – Have a real plan or get ready for a career change… Source: IBM Scenarios • Identify Possible and Likely Natural Disasters and Environmental Conditions By Kind and Duration of Effects – Tornado – Hurricane – Tsunami – Flood – Snowstorm – Drought – Earthquake Scenarios • Identify Possible and Likely Natural Disasters and Environmental Conditions By Kind and Duration of Effects – Electrical storms – Fire – Subsidence and landslides – Freezing Conditions Scenarios • Identify Possible and Likely Natural Disasters and Environmental Conditions By Kind and Duration of Effects – Contamination, Toxic releases and environmental hazards – Epidemic – Pandemic – Animal or crop disease outbreak Scenarios • Organized and/or Deliberate Disruption – Act of terrorism • WMD – Acute and short lived (bomb) – Acute and long lived (dirty bomb) – Chronic » Long term (contaminants and biohazards) » Permanent (radioactivity, etc.) • WLD (suicide bombers, car bombs, utility sabotage) • Bioterrorism or genetically modified or inorganic organisms – Direct contact – Infectious » Contact » Airborne Scenarios • Organized and/or Deliberate Disruption – Act of Sabotage – Product or food tampering – Act of war – Theft – Arson – Labor Disputes / Industrial Action Scenarios • Loss of Utilities and Services – Electrical power failure – Loss of gas supply – Loss of water supply – Petroleum and oil shortage • Raw materials • Refined materials – Communications services breakdown – Loss of drainage / waste removal and trash pickup Scenarios • Equipment or System Failure – Internal power failure – HVAC failure – Equipment failure (excluding IT hardware) Scenarios • Serious Information Security Incidents – Cyber crime – Malware – Zombie attacks – Denial of service – Loss or alteration of records or data – Disclosure of sensitive information Scenarios • IT system failure (local or hosted) – Hardware – Software • Commercial application • Locally developed application – Data – Communications Scenarios • Other Emergency Situations – Workplace violence – Public transportation disruption – Neighborhood hazard – Health and safety issues Scenarios • Multiple and compound hazards and events – Purposeful – Coincidental – Causally connected – Interrelated IT Requirements • What systems need to function • How fast – Maximum and optimum time frame for each system or function to be restored • How well – Sometimes minimal functionality is sufficient IT Requirements • Where will it be used and by whom and will the communications infrastructure support it? – Employees – Users or beneficiaries • By what priority will systems be restored • The priority will be modified by what contingencies – E.g. a long term total evacuation changes the operational needs for criminal justice systems and personnel Facilities • • • • • • • • Hot, warm, cold Mirrored, recoverable, reload-able Properly located EOC Non-EOC Operational IT facilities For user interaction with IT systems Facilities • New kinds of mutual aid and sister city/county/state arrangements – Work with friends, colleagues, associations, and vendors – To match you with a comparable entities that are located outside the various geographic threat circles – Who can mirror your IT operations (hardware, software, operating systems, and culture) People • The right numbers, skills, location, redundancy, etc. – Skills and abilities inventory • • • • Employees Contractors Vendors Mutual aid and “the cavalry” People • Force in depth—who is the backup to the backup to the backup? • Consider the actual health and physical abilities and disabilities of a person when assigning tasks for a disaster scenario – The disaster is not the time to find out the electrician in the hazmat suit has a heart condition • What family and personal duties may interfere with performing official duties (e.g. save your own kids or save a stranger)? Systems • • • • Daily operational Interdependent systems Emergency only Identity security and access management for physical and logical security – Follow FIPS 201 for federal/state/local interoperability Integration • With whom should you work closely? • Identify integration issues between: – Internal systems and public safety entities – Other governmental systems – Related actors – Non-governmental systems and processes • Example: 911 and 311or its equivalent – Normally separate but related – Emergencies blur the line – Co-location, cross training, and system integration Coordination • • • • • Within organization Within unit of government Across units of government Across levels of government Across public and private boundaries Daily Readiness and Simulated Escalations • • • • A disaster a day (“What, that’s not normal?”) Realistic scenarios Captured lessons Learning and actually responding to lessons learned within risk framework • A quality and security framework for daily operations has substantial overlap with DR/BC Security Capabilities Models Like similar capability models from the Carnegie Mellon SEI, SCMM models brings benefits: – Helps close security holes – Serves as a foundation for growth – Guides security leadership – Is evolutionary, not chaotic – Supports point solutions Security Leadership Strategy Security Sponsorship Causes Security Strategy Security Program Security Program Structure Security Program Resources and Skillsets Management Security Policies Security Policies, Standard and Guidelines Security Management Security Administration Security Monitoring Knowledge User Management User Management User Awareness Information Asset Security Application Security Technologies Database / Information Security Host Security Internal Network Security Network Perimeter Security Technology Protection and Continuity Support Physical and Environment Controls Contingency Planning Controls KPMG SCMM Model Effects Capability Maturity Like the SCI CMM models, the KPMG Security Capability Model has five levels of maturity: Optimizing (5) Continuously improving process Managed (4) Predictable process Standard, consistent process Disciplined process Informal process Defined (3) Repeatable (2) Initial (1) Testing and Independent Verification and Validation • Does the planned response or action step actually work? • Who verifies that it does? • What do you do if it fails the test? Implementation and Triage • Someone better be in charge • Dispute resolution processes • Who will be your Sensibility and Sanity Checker (off site, not affected by the disaster, and actually getting enough sleep to make sound decisions)? • Baton Rouge example with Mayor Holden Recovery, Discovery, and Improvements • What will the new normal be and when will it happen • Learn from history, both recent and long past • Document while the event occurs if at all possible (make it someone’s job) or soon after before memories fade Player Scorecard Who Is In the Game and Why Overlapping and InterRelated Responsibilities Disaster Preparedness and Recovery and Business Continuity Physical Security Public Safety Quality Assurance Methodologies Cyber Security The Usual Suspects in Public Safety • Police • Fire • Other sworn officers (transit, game, building or branch based, etc.) • National Guard • Public Health • Public Works • Transportation • Environmental Protection The Usual Suspects in Emergency Management • Federal, state and local emergency management entities • National Guard • NOAA, NWS, NSSL, other National Laboratories, • Corps of Engineers IT Entities • CIO, CTO, and Enterprise IT Shops • Distributed IT Departments and leadership • Government IT contractors – DR/BC specific entities – Applications developers and software – Hardware – Service providers (ASP, MSP, call centers, etc. • Communications providers Policy Makers • Executive, legislative, and judicial – Those who hold the seat and those who actually make the decisions… – Go below the top level to ensure clarity, alignment, and redundancy • EOC designees • Emergency authorizers Non-Governmental Organizations • Media – Broadcast and satellite • Emergency Broadcast System Members – Print – New media • The Web – Government site mangers – Commercial site managers – Citizens and bloggers – Self-organizing communities (e.g. Craig’s List) Non-Governmental Organizations • • • • Charities Businesses and business associations Community organizations Vital private services (hospitals, nursing homes, etc. ) A DR/BC Framework Business Operations and Technology • Create a matrix, not a linear or organizational view • Strategy • Organization • Processes • Applications and data • Technology • Facilities Source: IBM Action Steps to a Real Plan First Steps First Steps • Leadership: clarity, alignment, and commitment • Authority or consensus? • Stakeholders roles and responsibilities • Be clear about risk tolerance • Applications and IT assets inventory – If needed, dust off and update your Y2K work • Good data on plan status, readiness, test results, response, and compliance First Steps • Make a friend in accounting—actuarially accurate threat scenarios are more likely to be funded as risk and cost can be properly balanced • Review existing plan or make a plan • Borrow or buy a template • Review peer plans and conduct site visits • Communicate until it hurts Critical Functions Nail Down Your Critical Functions • Law and order essentials (people, mobility, tools, survival basics, etc.) • Communications • Personnel management (policies, scheduling, notification trees and systems, counseling, etc.) • Data and the connections to data and people • Transactional systems Nail Down Your Critical Functions • Rescue and response • Pipeline to the health care system • Building/location/hazmat information for fire and first responders • Justice processing and incarceration • Dispatch Nail Down Your Critical Functions • Records • Mobility – Devices and local storage if communications are intermittent or fail (e.g. mobile maps and databases) • Know what you can actually cover (and what you are just waiving your hands at and hoping it either works or is never needed) Funding and Leverage Funding and Leverage • Work within your risk/threat/cost/benefit matrix and follow your own rules • How serious are you about being prepared? Funding and Leverage • Stop building single purpose infrastructures and reuse what you have – “Ask not, what an infrastructure can do for you, but what it can do for your taxpayers” • Use shared services • Follow standards or help create them if lacking Funding and Leverage • Determine what pre-existing, unmet needs can be addressed by a new investment • Determine whether existing public safety or enterprise systems will do the job and if you can use them • Invest wisely – Vendors over inventors – COTS over customization – Web services over hard coding Think Out of the Box Think Third World • • • • • • • Hand crank your computers Bike generators Solar and wind power Portable water purifiers Emergency shelter Runners and mountain bikes Hand tools Think New World • Internet Protocol (IP) everything – Bridge between radio, wireless data/WI-FI and use each as IP conduits as needed • Gigs of portable flash memory • Satellite data and telephony Think New World • • • • Instant Message Text and mobile email Cell On Wheels/Boat/Balloon Negotiate/legislate priority and bumping rights in telecommunications provisioning Integrate With the Big DR/BC Picture The Big Picture • Consult EM before, during, and after • Once essential public safety systems have a DR/BC IT and overall plan it can be incorporated into the overall EM plan for the jurisdiction • Tie it all together in formal and informal agreements • Create a focal point such as your EOC EOC Basics • Not located in a hazard area (floodway) • 500 square feet minimum floor space • Communications section adjacent to EOC • Three methods of communications with state EMA and local responders • UPS and generator systems located above flood level • Sleeping space for identified staff • Kitchen space/food or meal contract • New construction to International Building Code Source: Alabama EMD Conclusion: Essential Public Safety Systems and Organizations Must Be Disaster Resistant, Flexible, Diversified, and Redundant (Or We Are All In Big Trouble) Contact Information Richard J. H. Varn Center for Digital Government rjmvarn@msn.com Model Plan Outline • What follows is a private sector based, but broadly applicable tool that sells for $199 • To buy a copy of the business continuity plan generator see http://www.eoncommerce.com/rusecure/bcp.asp Model Plan Outline • • • • Business Continuity - Preparing the Plan Initiating the BCP Project Project Initiation Activities BC 010101 Review of Existing BCP (if available) Model Plan Outline • BC 010102 Benefits of Developing a BCP • BC 010103 BCP Policy Statement • BC 010104 Preliminary BCP Project Budget • BC 010105 Procedure for Approving BCP Content Model Plan Outline • BC 010106 Communication on BCP Project to All Employees • Project Organization • BC 010201 Terms of Reference for BCP Project Manager • BC 010202 Appoint BCP Project Manager and Deputy • BC 010203 Select and Notify BCP Project Team Model Plan Outline • BC 010204 Initial BCP Project Meeting • BC 010205 Project Objectives and Deliverables • BC 010206 Project Milestones • BC 010207 Project Reporting Requirements and Frequency • BC 010208 Required Documents and Information Model Plan Outline • Assessing Business Risk and Impact of Potential Emergencies • Emergency Incident Assessment • BC 020101 Environmental Disasters • BC 020102 Organized and / or Deliberate Disruption Model Plan Outline • BC 020103 Loss of Utilities and Services • BC 020104 Equipment or System Failure • BC 020105 Serious Information Security Incidents • BC 020106 Other Emergency Situations • Business Risk Assessment Model Plan Outline • BC 020201 Key Business Processes • BC 020202 Establish Time-Bands for Business Service Interruption Measurement • BC 020203 Financial and Operational Impact • IT and Communications Model Plan Outline • BC 020301 Specifications of IT and Communication Systems and Business Dependencies • BC 020302 Key IT, Communications and Information Processing Systems • BC 020303 Key IT Personnel and Emergency Contact Information • BC 020304 Key IT and Communications Suppliers and Maintenance Engineers • BC 020305 Existing IT Recovery Procedures Model Plan Outline • Existing Emergency Procedures • BC 020401 Summary of Existing Procedures for Handling Emergency Situations • BC 020402 Key Personnel Responsible for Handling Existing Emergency Procedures • BC 020403 External Emergency Services and Contact Numbers Model Plan Outline • BC 020500 Premises Issues • BC 020501 Responsibility and Authority for Building Repairs • BC 020502 Back-up Power Arrangements • Preparing for a Possible Emergency Model Plan Outline • Back-up and Recovery Strategies • BC 030101 Alternative Business Process Handling Strategy • BC 030102 IT Systems Back-Up and Recovery Strategy • BC 030103 Premises and Essential Equipment Back-up and Recovery Strategy Model Plan Outline • BC 030104 Customer Service Back-up and Recovery Strategy • BC 030105 Administration and Operations Back-up and Recovery Strategy • BC 030106 Information and Documentation Back-up and Recovery Strategy • BC 030107 Insurance Coverage • Key BCP Personnel and Supplies Model Plan Outline • BC 030201 Functional Organization Chart • BC 030202 BCP Project Co-coordinator and Deputy for Each Functional Area • BC 030203 Key Personnel and Emergency Contact Information • BC 030204 Key Suppliers and Vendors and Emergency Contact Information • BC 030205 Manpower Recovery Strategy Model Plan Outline • BC 030206 Establishing the Disaster Recovery Team • BC 030207 Establishing the Business Recovery Team • Key Documents and Procedures • BC 030301 Documents and Records Vital to the Business Process • BC 030302 Off-site Storage Model Plan Outline • BC 030303 Emergency Stationery and Office Supplies • BC 030304 Media Handling Procedures • BC 030305 Emergency Authorization Procedures • BC 030306 Prepare Budget for Back-up and Recovery Phase Model Plan Outline • Disaster Recovery Phase • Planning for Handling the Emergency • BC 040101 Identification of Potential Disaster Status • BC 040102 Involvement of Emergency Services • BC 040103 Assessing Potential Business Impact of the Emergency Model Plan Outline • BC 040104 Project Management Activities • Notification and Reporting During Recovery Phase • BC 040201 Mobilizing the Recovery Team • BC 040202 Notification to Management and Key Employees Model Plan Outline • BC 040203 Handling Personnel Families Notification • BC 040204 Handling Media during the Disaster Recovery Phase • BC 040205 Maintaining Event Log during Disaster Recovery Phase • BC 040206 Disaster Recovery Phase Report • Business Recovery Phase Model Plan Outline • Managing the Business Recovery Phase • BC 050101 Mobilizing the Business Recovery Team • BC 050102 Assessing Extent of Damage and Business Impact • BC 050103 Preparing Specific Recovery Plan Model Plan Outline • BC 050104 Monitoring Progress • BC 050105 Keeping Everyone Informed • BC 050106 Handing Business Operations Back to Regular Management • BC 050107 Preparing Business Recovery Phase Report • Business Recovery Activities Model Plan Outline • BC 050201 Power and Other Utilities • BC 050202 Premises, Fixtures and Furniture (Facilities Recovery Management) • BC 050203 Communication Systems • BC 050204 IT Systems (Hardware and Software) Model Plan Outline • • • • BC 050205 Production Equipment BC 050206 Other Equipment BC 050207 Warehouse and Stock BC 050208 Trading, Sales and Customer Service Model Plan Outline • BC 050209 Human Resources • BC 050210 Information and Documentation • BC 050211 Office Supplies • BC 050212 Operations and Administration (Support Services) Model Plan Outline • • • • • Testing the Business Recovery Process Planning the Tests Develop Objectives and Scope of Tests Setting the Test Environment Environmental Disasters Model Plan Outline • • • • • • • Organized and / or deliberate disruption Loss of Utilities and Services Equipment or System Failure Serious Information Security Incidents Other Emergency Situations Prepare Test Data Identify Who is to Conduct the Tests Model Plan Outline • Identify Who is to Control and Monitor the Tests • Prepare Feedback Questionnaires • Prepare Budget for Testing Phase • Training Core Testing Team for each Business Unit Model Plan Outline • Conducting the Tests • Test each part of the Business Recovery Process • Test Accuracy of Employee and Vendor Emergency Contact Numbers • Assess Test Results • Training Staff in the Business Recovery Process Model Plan Outline • • • • • • • • Managing the Training Process Develop Objectives and Scope of Training Training Needs Assessment Training Materials Development Schedule Prepare Training Schedule Communication to Staff Prepare Budget for Training Phase Assessing the Training Model Plan Outline • • • • Feedback Questionnaires Assess Feedback Keeping the Plan Up-to-date Maintaining the BCP Model Plan Outline • Change Controls for Updating the Plan • Responsibilities for Maintenance of Each Part of the Plan • Test All Changes to Plan • Advise Person Responsible for BCP Training
