Emergency Planning for Essential Staff

October 2013
Larry G. Wlosinski,
CDP, CISSP, CISM, CAP, CRISC, CISA, ITIL v3, CBCP
Prepare for Disaster: Recover Faster.
Larry G. Wlosinski

- Federal Government Experience (24+ yrs)
  - EPA, NIH, CMS, DOJ, DHS, DOE, DIA, NOAA
- Commercial Industry Experience (14 yrs)
  - Insurance, International & Interstate Banking, Collections, Small Business
- Consulting Experience:
  - Computer Sciences Corp. (CSC) – Section Manager
  - Lockheed Martin – IT Security Manager
  - Booz Allen Hamilton (BAH) – Associate
  - And others – Sr. IT Security Engineer, Project Manager, etc.
- IT Security Expertise:
  - Policy, Procedure, Guidance, Standards, Templates, Checklists
  - IT Security Assessments (C&A/A&A, Risk, Audit)
  - Continuity Planning (OEP, BIA, ISCP, COOP, DRP, Devolution, etc.)
  - Cloud Security
  - Incident Response & Planning

Belated Reminder: September was National Preparedness Month

- Update your Continuity Plans: Contingency, Devolution, Disaster Recovery, COOP, etc.
- Conduct a Fire Drill at each location
- Test your Backup and Recovery Devices and Media
- Verify Command Center readiness
- Test Emergency Communication capability
- Update Calling Trees

Objectives

- Provide a better understanding of federal government emergency planning
- Review some federal government requirements
- Provide an understanding of the different plans
- Present an idea of team responsibilities
- Pass along some lessons learned
- Show how the various plans differ

AGENDA

- Orientation - Threats
- Present Emergency Framework
  - National Essential Functions (NEFs)
  - Types of Plans
- Discuss COOP & Devolution Plan
  - Federal Continuity Directives (FCD 1 & 2)
  - Elements & Building Blocks
  - Document Contents
  - Response Teams
  - Devolution Plan Contents & Comparison

AGENDA (2)

- Discuss IT/S Contingency Planning
  - Implementation/Activation Criteria
  - Contents
  - Teams
  - Exercises/Testing
  - Reporting – Lessons Learned, AAR
- Review Contents of Other Plans
  - COG
  - BCP
  - DRP
  - BRP
  - IRP
  - OEP
  - Pandemic

Federal Mandates

- National Security Presidential Directive 51 / Homeland Security Presidential Directive 20 (NSPD-51/HSPD-20) – 5/9/2007
  - National Continuity Policy
- Executive Order 12656 - 11/18/1988
  - Assignment of Emergency Preparedness Responsibilities
- National Continuity Policy Implementation Plan – 8/31/2007
- Federal Continuity Directives (FCD) 1 and 2 – Feb. 2008

Sample Threats

- Terrorist Attack
- Biological
- Bomb/Explosion
- Chemical
- Civil Disturbance
- Fire (direct or nearby)
- Water Damage or Stoppage
- High Winds (Hurricane/Tornado)
- Power Loss/Utility Failure
- Hostage Situation
- Radiological
- Structure Damage
- Building Deterioration (electrical, pipes, roof)
- Telecommunications Loss
- Community Disaster
- Metropolitan Commuting Failure
- Requests for Shelter
- Airborne Crash
- Health/Pandemic
- Work stoppage

Hierarchy of Business Continuity Management in
United States Civilian Agencies
National Essential Functions (NEFs)

1. Ensuring the continued functioning of our form of government under the Constitution, including the functioning of the three separate branches of government.
2. Providing leadership visible to the Nation and the world and maintaining the trust and confidence of the American people.
3. Defending the Constitution of the United States against all enemies, foreign and domestic, and preventing or interdicting attacks against the United States or its people, property, or interests.
4. Maintaining and fostering effective relationships with foreign nations.
5. Protecting against threats to the homeland and bringing to justice perpetrators of crimes or attacks against the United States or its people, property, or interests.
6. Providing rapid and effective response to and recovery from the domestic consequences of an attack or other incident.
7. Protecting and stabilizing the Nation’s economy and ensuring public confidence in its financial systems. Providing for critical Federal Government services that address the national health, safety, and welfare needs of the United States.

PMEFs and MEFs

- Primary Mission Essential Functions (PMEF) are agency functions that support the performance of the NEFs
  - Functions that need to be continuous or resumed within 12 hours after an event and maintained for up to 30 days or until normal operations can be resumed.
- Mission Essential Functions (MEF) are government functions that support PMEFs
  - Functions that enable an organization to provide vital services, exercise civil authority, maintain the safety of the public, and sustain the industrial/economic base during disruption of normal operations.

Types of Emergency Plans

- Continuity of Government (COG)
- Continuity of Operations Plan (COOP)
- Devolution Plan
- Business Continuity Plan (BCP)
- Information Technology/System Contingency Plan (CP)
- Disaster Recovery Plan (DRP)
- Business Resumption Plan (BRP)
- Incident Response Plan (IRP)
- Occupant Emergency Plan (OEP)
- Pandemic Plan

Relationships of Emergency Plans
NIST SP 800-34
Types of Emergency Plans

- USA Continuity of Government (COG)
  - Many plans
- Continuity of Operations Plan (COOP) – FPC 65
  - Viable, executable plans for leadership, succession, and key personnel to ensure that a department/agency’s essential functions continue to function as needed.
- Information System Contingency Plan – NIST SP 800-34
  - Management policy and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disaster.
- Disaster Recovery Plan (DRP)
  - A written plan for processing critical applications in the event of a major hardware or software failure or destruction of facilities. The DRP defines management policy and procedures designed to maintain or restore computer operations, at an alternate location, in the event of emergencies, system failures, or disaster.

FCD 1 = Federal Continuity Directive 1, October 2012; FCD 2: July 2013
FPC 65 = Federal Branch Continuity of Operations (COOP), June 2004
NIST SP 800-34 = Contingency Planning Guide for Information Technology Systems

Types of Emergency Plans (2)

- Incident Response Plan (IRP)
  - The IRP provides a roadmap for implementing the organization’s incident response program based on the organization’s policy. The plan lays out the resources, management support, metrics, training, and reporting that are needed to effectively maintain and mature an incident response capability.
- Business Resumption Plan (BRP)
  - Addresses the resumption of normal business after the contingency event is over.
- Business Continuity Plan (BCP)
  - BCPs are written at the office/component level, and they focus on sustaining the essential Business Functions. These plans address the overall recovery strategy for the organization and the steps to be taken immediately after a contingency event is declared. The BCP includes the OEP, ITCPs, IRPs, DRP, and BRP.
- Pandemic Plan
  - The Pandemic Plan emphasizes that continuing operations in the face of a pandemic may not entail an official COOP declaration and that maintaining functionality may be accomplished through contact intervention (social distancing) strategies, telework and other means, and may not require the relocation of the personnel. The Pandemic Plan also recognizes that relocation may be necessary due to a separate or concurrent event.

Types of Emergency Plans (3)

- Crisis Communications Plan
  - Establishes internal and external communications procedures
- Occupant Emergency Plan (OEP)
  - Outlines an organization’s emergency response: evacuation, calling emergency authorities, etc.
- Risk Management
  - Trains planners in a risk-based approach to identify vulnerabilities or gaps to facilities, personnel, operations, and resources, and recommends mitigation actions
- Devolution Plan – FCD 1
  - To ensure the continuation of an agency’s essential functions in the event that the agency’s leadership and staff are unavailable or incapable of performing its essential functions from either its primary or alternate facilities

Communications

- Emergency Notification System (ENS)
- Telework (e.g., Cloud e-mail)
- Hoteling (e.g., FEMA, BAH)
- Virtualize Vital Records
- Resources/Tools (GotoMeeting, Skype)
- PDA, Cell Phone – Texting
- SharePoint
- Voice
- Wireless

Continuity of Operations Plan (COOP) & Devolution Plan
SEC_RITY is not complete without U!

Federal Continuity Directive 1 (FCD 1) – Continuity Evaluation Tool (CET)
Federal Executive Branch National Continuity Program and Requirements

- Program Plans and Procedures (21 questions)
- Budgeting and Acquisition of Resources (8)
- Essential Functions (13)
- Orders of Succession (10)
- Delegations of Authority (9)
- Continuity Facilities (22)
- Continuity Communications (10)
- Vital Records Management (20)
- Human Capital (15)
- Test, Training, and Exercise Program (34)
- Devolution of Control and Direction (10)
- Reconstitution Operations (16)
- Operational Phases and Implementation (47)

Federal Continuity Directive 2 (FCD 2) – Business Process Analysis (BPA)

- Implements the requirements of FCD 1, ANNEX C.
- It provides guidance and direction to Federal executive branch departments and agencies for identification of their Mission Essential Functions (MEFs) and potential Primary Mission Essential Functions (PMEFs).
- It includes guidance and checklists (7 worksheets) to assist departments and agencies in assessing their essential functions through a risk management process and in identifying potential PMEFs that support the National Essential Functions (NEFs) – the most critical functions necessary to lead and sustain the nation during a catastrophic emergency.
- The FCD provides direction on the formalized process for submission of a department’s or agency’s potential PMEFs that are supportive of the NEFs.
- Includes guidance on the processes for conducting a Business Process Analysis (BPA) and Business Impact Analysis (BIA) for each of the potential PMEFs that assist in identifying essential function relationships and interdependencies, time sensitivities, threat and vulnerability analyses, and mitigation strategies that impact and support the PMEFs.

COOP Elements

- Essential Functions
- Delegation of Authority
- Orders of Succession
- Vital Records, Databases & Systems
- Interoperable Communications
- Contingency Staff and Responsibilities
- Calling Tree
- Devolution
- Reconstitution
- Tests, Training, and Exercises

Continuity of Operations Plan (COOP)

I. Introduction
II. Purpose
III. Application and Scope
IV. Mission Essential Functions (MEFs)
V. Authorities and References
VI. Concept of Operations (next slide)
VII. COOP Planning Responsibilities
VIII. Logistics
   I. Alternate Location
   II. Interoperable Communications
IX. Test, Training, and Exercises
X. Multi-Year Strategy & Program Management Plan (MYSPMP)
   I. Budget
   II. Maintenance
XI. COOP Maintenance

COOP - Concept of Operations

PHASE I – ACTIVATION AND RELOCATION
- Decision Process
- Alert, Notification, and Implementation Process
- Leadership
  - Orders of Succession
  - Delegations of Authority
  - Devolution
- Personnel Accountability
- Acquisition of Resources
- Human Capital

PHASE II – ALTERNATE FACILITY OPERATIONS
- Mission Critical Systems
- Vital Files, Records, and Databases

PHASE III - RECONSTITUTION

COOP - Sample Appendices

A. Authorities and References
B. Business Impact Analysis (BIA)
C. Emergency Personnel Rosters
D. Go-Kit Recommendations
E. Emergency Operational Checklists (Code Orange & Red)
F. Human Capital (OPM Guidance)
G. Family Support & Preparedness
H. Emergency Telephone Numbers
I. Alternate Location/Facility Information
J. Maps and Evacuation Routes
K. Facility and Risk Assessments
L. Emergency Communications Procedures
M. Multi-Year Strategy and Program Management Plan (MYSPMP)
N. Test, Training, and Exercises

Emergency Teams

Management: Confirms and communicates site relocation decision; Receives the Initial Disaster Alert;
Verifies Status of Personnel; Verifies and Assesses the Damage in Coordination with the Damage
Assessment Team; Decides Course of Action (Short vs. Long Term; Alternate Site/Location
Assessment); Coordinates Communication (Across Teams; Intra-Team); Activates the ITCP; Plans
expenditures (funding requirements & allocation)

Damage Assessment: Determines amount and type of damage; Prepares initial estimate of time to
restoration (this estimate will be used by management to determine whether to invoke COOP and/or
relocate personnel to alternate facility); Performs continuous communication with management and
others responsible regarding status.

Network Restoration: Performs restoration of Services; Responsible for ensuring that all backbone
architecture is restored and stable (Voice, Video, Data); Vendor Coordination

Application Restoration: Responsible for restoration of all organization’s essential applications once
notified by network restoration team that network is stable and ready for application restoration process
to begin. Applications include: E-mail, Web services, Customer applications, etc.

Physical Security: Responsible for physical and logical security; Ensures that only authorized personnel
have access to either the main site or the alternate recovery site as required

System/Network Security: Enforcement of all security plans, policies and procedures during and after
the return to normal operations; Monitors environment and may advise on recovery efforts (e.g.,
malicious software or activity, network security controls/safeguards, reporting)

Help/Service Desk: Invokes the crisis management procedure; Maintains list of points of contact;
Receives problem/event information; Determines scope of problem; Prepares service desk standard
response; Informs the team of situation and provides response verbiage; Answers problem/service calls;
Completes Remedy tickets; Tracks problem and resolution activity; Adjusts call response according to
events

Exercise & Lessons Learned

- Exercise
  - Eagle Horizon – annual
  - Require involvement of Essential Staff
- Lessons Learned
  - Plan, plan, plan
  - Prepare scenarios
  - Test Calling Tree
  - Write an After Action Report (AAR)
  - Implement enhancements

COOP to Devolution Plan Comparison

Phase: Concept
  COOP: Relocate selected personnel to alternate facility
  Devolution: Transfer COOP mission to devolution site

Phase: Planning
  COOP: COOP personnel will perform essential functions at alternate facility
  Devolution: Devolution site personnel will perform essential functions

Phase: Implementation (including tests, training, and exercises)
  COOP: COOP personnel deploy to alternate facility and perform essential functions
  Devolution: Devolution site personnel perform essential functions

COOP -vs- Devolution

[Diagram: panels labelled Normal Operations, COOP Activation (Loss of Facility), COOP Execution, Devolution of Operations (Loss of Facility & Personnel), Devolution Execution, and Reconstitution, built from MISSION, PERSONNEL and FACILITY blocks; the Devolution Execution panel shows New PERSONNEL and a New FACILITY.]

Reconstitution: Takes Organization back to a state of Normalcy
Potomac Forum, Ltd.

Devolution Plan
2. CONCEPT OF OPERATIONS
2.1 Disruption of Operations
2.2 Operational Sites
2.3 Operations Activation Conditions
2.4 Devolution Scenarios
2.5 Relationship between Continuity & Devolution of Operations
2.6 Threat Conditions & Potential Responses
2.7 Assumption of Essential Functions and Mission
2.8 Orders of Succession
2.9 Delegations of Authority
2.10 Personnel Recall Roster
3. ORGANIZATION AND RESPONSIBILITIES
3.1 Responsibilities of Devolution Working Group
3.2 Responsibilities of Devolution Emergency Response Group (DERG)
3.3 Organization
Devolution Plan
4. DEVOLUTION OF OPERATIONS IMPLEMENTATION
4.1 Readiness & Preparedness
4.2 Activation & Transfer of Authority
4.3 Devolution Operations
4.4 Reconstitution
5. SUPPORT REQUIREMENTS
5.1 Personnel Coverage Procedures During DERG Activations
5.2 Vital Records Management
5.3 Pre-Positioned Information
5.4 Continuity Communications
5.5 Tests, Training, & Exercise Program
5.6 Security
5.7 Budgeting and Acquisition
5.8 Human Capital
Appendices:
- MEFS
- Resource Requirements
- Devolution of Operations Sites
- Devolution Counterparts
- Acronyms
- Threat Scenarios

Information System Contingency Plan (ISCP)

Criteria Needed to Implement ISCP

- Safety of personnel
- Service disruption that adversely affects the mission
- Extended power disruption
- Catastrophic network event
- Normal troubleshooting / restoration procedures are not sufficient to repair the outage in a timely period
- Unable to support the mission essential functions

Contingency Plan Outline

1. Introduction
2. Concept of Operations
3. Notification and Activation (next 3 slides)
4. Recovery Operations
5. Reconstitution (Return to Normal)
6. Testing Plans
7. Training Scenarios and Exercises
8. Lessons Learned
9. Plan Maintenance
10. Appendices

ISCP Concept of Operations
PHASE I – ACTIVATION AND RELOCATION

- Decision Process
- Alert, Notification, and Implementation Process
- Declaring a Disaster
- Determine Impact & Severity
- Activating the Recovery Data Center
- Leadership
  - Orders of Succession
  - Delegations of Authority
  - Devolution

ISCP Concept of Operations
PHASE II: ALTERNATE FACILITY OPERATIONS

- Systems Recovery Priority
- Vital Files, Records, and Databases
- Recovery Teams

ISCP Concept of Operations
PHASE III: RECONSTITUTION

Planning Responsibilities
Logistics
- Alternate Location
- Backup
- Media Storage
- Interoperable Communications
Test, Training, & Exercises
Plan Maintenance

ISCP Appendices (Suggested)

A. Personnel Contact List
B. Vendor Contact List
C. Detailed Recovery Procedures
D. Alternate Location/Facility Information
E. System Validation Test Plan
F. Alternate Storage Site and Telecommunications
G. Diagrams (System and Input / Output)
H. System Inventory
I. Interconnections Table
J. Test and Maintenance Schedule
K. Associated Plans and Procedures
L. Business Impact Analysis (BIA)
M. Document Change Page

ISCP Exercise Phases
Damage Assessment
Recovery
Reconstitution
Recovery Teams

- Essential Recovery Personnel
  - Primary, Secondary, Tertiary
- Teams
- Functions
  - Leadership
  - Team Leads
  - Subject Matter Experts (SMEs)
- Actual teams are assigned as required to restore essential functions/systems, for example:
  - Management Team
  - Damage Assessment Team
  - Server Restoration Team
  - Application Restoration Team
  - Network/Architecture Restoration Team
  - Database (DB) Restoration Team (when applicable)
  - Security Team
  - Help/Service Desk Team

ISCP Testing Objectives

- Keep personnel assignments and notification/call lists current
- Acquaint new employees with responsibilities
- Verify backup storage procedures
- Verify primary and backup site have same configurations
- Train staff
- Test recovery procedures and checklists
- Identify and correct vulnerabilities
- Identify and mitigate new threats

Sample ISCP Scenario Variables

- Power outage
- Loss of equipment or data
- Loss of connectivity
- Unavailability/loss of staff; staff turnover
- Level of testing (one sample, partial, full)
- Stale documentation
- Contractual support issues
- Conflicting priorities
- Problems with on/offsite work environment
- Issues with alternate location

Lessons Learned Report

1. Component
2. System(s) Covered
3. Exercise/Test Date
4. Personnel Present/Participants
5. Scenario/Exercise Description
6. Results
   a. Description
   b. Impact
   c. Team Issues
7. Lessons Learned
   a. What Went Right?
   b. What Went Wrong?
   c. What should have been done differently?
   d. Preventative measures and recommendations
   e. Follow-up actions needed
   f. Items for revised ISCP

CP After Action Report (AAR)

- Executive Summary
- Exercise Overview
- Goals and Objectives
- Synopsis
- Exercise Analysis
- Lessons Learned
- Exercise Concerns
- Exercise Response Analysis
- Action Items & Recommendations
- Appendices – Exercise Scenarios

Sec-UR-rity - You are at the center.

Other Plans:
- Continuity of Government (COG)
- Business Continuity Plan (BCP)
- Disaster Recovery Plan (DRP)
- Business Resumption Plan (BRP)
- Incident Response Plan (IRP)
- Occupant Emergency Plan (OEP)
- Pandemic Plan

Continuity of Government (COG) - Many plans by sector

- Agriculture & Food
- Banking & Finance
- Chemical
- Commercial Facilities
- Communications
- Critical Manufacturing
- Dams
- Defense Industrial Base
- Emergency Services
- Energy
- Government Facilities
- Healthcare & Public Health
- Information Technology
- National Monuments & Icons
- Nuclear Reactors, Materials & Waste
- Postal & Shipping
- Transportation Systems
- Water

Business Continuity Plan (BCP)

- Business continuity planning
  - Reestablishment of critical business operations so that operations can continue
  - If a disaster has rendered the business unusable for continued operations, there must be a plan to allow the business to continue to function

Disaster Recovery Plan (DRP)

1. Purpose and Scope
2. Objectives [e.g., Scale up and manage alternate site]
3. Assumptions
4. Criteria for Invoking DRP
5. Team Responsibilities
6. Emergency Procedures (Recovery Team)
7. Recovery Scenarios (Minor, Major)
8. Recovery Tasks/Activities by Team (Immediate, 3 Hours, 24 hours, Ongoing)
9. Command Center (Primary & alternate locations; Requirements)
10. Standby Facility (Location; Activation POC & Procedures)
11. Data Storage (Location, POC Information)

DRP (2)

12. Critical Applications (Classification, Prioritized, Time Est., Requirements)
13. Supplies for Standby Facility (Immediate needs; Where to obtain)
14. POC Information (Management, Teams, Vendors & Suppliers, Users)
15. Inventories
    - Hardware: mainframe, server, workstations/PCs, disk & tape drives, printers, network equipment, non-computer
    - Software: operating systems, utilities, application, data/backup
16. Supporting Documentation (Production schedules, policies, site plans, network diagrams, backup and restore procedures, first aid, OEP)
17. Testing and Training
18. Plan Maintenance (Cycle, records, distribution)

Business Resumption Plan (BRP)

- Government: Largely used by the government for focusing on specific essential functions within the organization.
- Industry: The business resumption plan addresses restoration of your business after an emergency. Unlike the disaster recovery plan and business contingency plan, the BRP does not contain continuity procedures used during an emergency; instead it focuses on preventative measures and on the period after the dust settles. The BRP helps you get your business back into full running order.

Sample Incident Response Plan (IRP)

- Purpose
- Scope
- Applicability
- Definitions
- Requirements for Incident Response
- Objectives and Measures of Effectiveness
- Organization and Structure
- Roles and Responsibilities
- Policies and Procedures: Pre-Incident Actions, Incident Recognition, Incident Reporting, Investigating and Reporting Data Loss Incidents, Incident Response Procedures
- Vulnerability Management
- Information Dissemination Control
- Compliance Requirements
- Appendices: POCs, Reporting Form(s)

Occupant Emergency Plan (OEP)

- Emergency Alarms
- Emergency Instructions for All Employees
- Evacuation Procedures
- Personnel Assignments
- Duties of Emergency Response Participants
- Cellular Phone and Pager Usage
- Shelter-In-Place
- Appendices:
  - Emergency Services & Utility Services
  - Homeland Security Advisory System
  - Evacuation Plan

Pandemic Plan

1. OPM Human Capital Planning for Pandemic Influenza
2. COOP Annex – Pandemic Influenza
3. Response Stages 0-6 & Checklists
4. Government Purchase Card
5. Support of the Federal Response to a Pandemic Emergency
6. External Stockholder Communications
7. Response Stage Sample Messages
8. Contractor Management: Contractor Guidance During a Pandemic; Notice to Contractors; Emergency Acquisitions
9. Main Office Phone Numbers
10. Interoperable Communications; POC Lists
11. Accountability: Accountability Policy; Authority to Grant Administrative Leave Letter; Staff Accountability Worksheet
12. Non-Traditional Roles
13. Awareness Tools: Posters, Brochures, Web Sites, etc.
14. Vaccination Prioritization
15. Telework Program & Policy (Request Form & Agreement)

Appendices to Pandemic Plan

- PMEFs and MEFs
- Emergency Procurement Procedures
- Pandemic Response Procedures
- Pandemic Evaluation Tool
- Communications
- Preventative Measures
- Human Capital Guidance
- References
- Glossary and Acronyms

Boy Scout Motto:
Be Prepared!