What the Department of Homeland Security taught me (part 1)

Airedale Homeland Security
Last week I participated in a Department of Homeland Security DHS Enhanced Critical Infrastructure Protection (ECIP) Assessment for a local organization I am involved in. I’d rather not name it for security reasons, but I spent pretty much the entire day there with a DHS representative, a Lawrence Police Detective, and other persons. This is a voluntary “non-regulatory” program which means they aren’t there to audit and possibly fine, but only to assist in identifying what could go wrong and steps to prevent and contain problems.

I was initially struck by how thorough and detailed the questions were. Because DHS includes FEMA and other organizations, their goal is to keep the wheels of commerce going during a crisis. A good part of the morning was spent identifying what you need to do accomplish your organization’s mission. For a hospital, power is pretty critical especially in an age where records and medicine are stored electronically. If power were unavailable, most hospitals would use generators, which is pretty typical. The follow up questions were much more interesting. If you use a generator, what will your source of gas be? If the power outage is widespread, how will gas be pumped? Even if gas can be pumped, won’t everyone else be needing gas and therefore a shortage ensue? We saw some of this briefly in Lawrence during 9/11 and watched it on TV during Katrina. Unfortunately, we are witnessing it right now in Japan. The engineers who designed those plants missed a critical dependency: power for cooling.

Many businesses and other organizations have contingency plans in case of an emergency, but these are usually short paragraphs rather than actual action plans. One question asked was “what are the main traffic ways into Lawrence?” (K-10 & I-70). What if these roads were closed down? You think nobody would attack Lawrence, of course. What if something spilled on K-10 or I-70 requiring a long term clean up efforts? How would your business be impacted? Do you rely on customers or employees coming from outside the city. What if KCI were closed? Does your business rely on shipments from there? These are things to think about and planned for in advance. This might require you to move your offices in order to accommodate your customers or employees? Have you identified a place you might move to?

Similarly, if your business closed down, what impact would it have on others? Example, if you are a restaurant and you get your supplies from Kansas City via a daily shipment and K-10 is closed down you might decide with the combination of lack of customers, employees and products that it makes more sense to close down, but what if you also supply local non-profits with food (Meals on Wheels, LINK, etc)? How would those organizations be affected? We are all interconnected and when planning for emergencies you need to take a 360 degree approach to minimize downtime for everyone.

Another poignant example the DHS agent discussed is that many businesses say that if roads prevent access, their knowledge workers would telecommute. That’s fine if the problem is isolated to your organization or is in a small isolated area. We’ve seen that during a snowstorm before. But what if it were a few days, or even a week? In reality, our telecommunications systems would be unable to handle the load. Ever notice how your Internet slows down at night or is faster during Spring Break? That’s a mini-glimpse as to the fragility of network infrastructure. Businesses typically make phone calls and emails internal to their organization. Now all these employees will be sharing common Internet connections with kids streaming YouTube and playing World of Warcraft (which, since schools may be closed, more of that would be happening). Internet, landlines, and wireless phones would all be overloaded. Add in a disaster that destroys some of our telecommunications and combine it with additional loads and your contingency plan completely crumbles.

You may not be able to plan for all these items, but your business contingency plan needs to be a level deeper, until the point where you simply can’t plan around the dependency. If you say “we must have phones to do our job” and your plan is “if the phones are overloaded, we’ll switch to wireless or Voice Over IP” this isn’t a great plan because at time of great crisis these systems won’t be reliable. However, you CAN plan for that. I learned an interesting “national secret.” OK, it isn’t really a national secret, but it’s something most people (at least I) didn’t know about.

I’m not exactly going to give you lots of information about this, but apparently critical infrastructure organizations such as hospital, law enforcement and others that provide or support these organizations (remember that 360 degree approach from earlier) can get special cards that allow them priority to telecommunications. You can be given a special card with a secret number that allows you priority when all lines are busy. Incidentally these programs were put in long before 9/11, but in a post 9/11 world having prioritized access to telecommunications is extremely important. However, you’re going to have to prove it to the FCC you need it! If your organization has one of these cards, do you know how to locate one at time of crisis. If the CEO or Executive director has one and lives in Kansas City, that isn’t going to do you much good in a crisis in Lawrence.

If you have a business continuity plan, why don’t you dust it off and think about it on a deeper level? Examine what you’d do in time of crisis and how those that you rely on and rely on you would be impacted by a crisis. If you don’t have a plan, then all you have to lose is your business or organization at time of crisis – and don’t rely on the Fed to help. If you didn’t come up with a plan, then it’s not the taxpayer’s responsibility to pay for your lack of planning now, is it?

In my next post, I’ll talk about how to improve safety for your employees and customers

Tags: , , ,

1 Response to "What the Department of Homeland Security taught me (part 1)"

Leave a Comment

Copyright © DoctorDave Computer Repair in Lawrence Kansas |   intrepidity Theme by Top Blog Formula on WordPress |   Log In