Title: Disaster Preparedness, Disaster Recovery, and Business Continuity in Public Safety
1. Disaster Preparedness, Disaster Recovery, and Business Continuity in Public Safety
- "Be Prepared." That's the motto of the Boy Scouts.
- "Be prepared for what?" someone once asked Baden-Powell, the founder of Scouting. "Why, for any old thing," said Baden-Powell.
- (Boy Scout Handbook, 11th edition, page 54)
2. Overlapping and Inter-Related Responsibilities
- Disaster Preparedness and Recovery and Business Continuity
- Physical Security
- Quality Assurance Methodologies
- Cyber Security
- Public Safety
3. Public Safety Scenarios
- Public safety entities have a more difficult challenge
- Your IT DR/BC plan is intertwined with risk scenarios
- You may be affected by the risks of a given scenario, and your IT plan must address those risks appropriately to maintain operations
- You also have a role in response to the scenario, so the events will affect your operational requirements
4. Scenarios Overview
- Threat-driven geographic circles of impact
- Kinds of threats and events
- Responsibility
- What will you do, what is shared, what do others have to do for themselves
- Tolerance for risk and uncertainty
- Lesson learned if you have a well-known and documented local risk
- Have a real plan or get ready for a career change
5. Start With A Readiness Dashboard
- All aspects of the plan, testing, and implementation should be scored simply (Red, Yellow, and Green)
- Key indicators of planning and readiness need a dashboard to enable assessment and action
- Score or status
- Trend
- Key issue
6. Engage the Policy Makers
- Executive, legislative, and judicial
- Those who hold the seat and those who actually make the decisions
- Go below the top level to ensure clarity, alignment, and redundancy
- EOC designees
- Emergency authorizers and authority: decide how you will bust through red tape and bottlenecks when it is needed
7. First Steps
- Leadership clarity, alignment, and commitment
- Authority or consensus?
- Stakeholder roles and responsibilities
- Be clear about risk tolerance
- Applications and IT assets inventory
- If needed, dust off and update your Y2K work
- Good data on plan status, readiness, test results, response, and compliance
8. First Steps
- Make a friend in accounting: actuarially accurate threat scenarios are more likely to be funded, as risk and cost can be properly balanced
- Review existing plan or make a plan
- Borrow or buy a template
- Review peer plans and conduct site visits
- Communicate until it hurts
9. Know How Non-Governmental Organizations Fit In
- Media
- Broadcast and satellite
- Emergency Broadcast System Members
- Print
- New media
- The Web
- Government site managers
- Commercial site managers
- Citizens and bloggers
- Self-organizing communities (e.g. Craigslist)
10. Know How Non-Governmental Organizations Fit In
- Charities
- Businesses and business associations
- Community organizations
- Vital private services (hospitals, nursing homes, etc.)
11. Nail Down Your Critical Functions
- Law and order essentials (people, mobility, tools, survival basics, etc.)
- Communications
- Personnel management (policies, scheduling, notification trees and systems, counseling, etc.)
- Data and the connections to data and people
- Transactional systems
12. Nail Down Your Critical Functions
- Rescue and response
- Pipeline to the health care system
- Building/location/hazmat information for fire and first responders
- Justice processing and incarceration
- Dispatch
13. Nail Down Your Critical Functions
- Records
- Mobility
- Devices and local storage if communications are intermittent or fail (e.g. mobile maps and databases)
- Know what you can actually cover (and what you are just waving your hands at and hoping it either works or is never needed)
14. IT Requirements
- What systems need to function
- How fast
- Maximum and optimum time frame for each system or function to be restored
- How well
- Sometimes minimal functionality is sufficient
15. IT Requirements
- Where will it be used and by whom, and will the communications infrastructure support it?
- Employees
- Users or beneficiaries
- By what priority will systems be restored
- The priority will be modified by what contingencies
- E.g. a long-term total evacuation changes the operational needs for criminal justice systems and personnel
16. Continuity and Disaster Recovery Location Options
- Consider new kinds of mutual aid and sister city/county/state arrangements
- Work with friends, colleagues, associations, and vendors
- To match you with comparable entities that are located outside the various geographic threat circles
- Who can mirror your IT operations (hardware, software, operating systems, and culture)
17. People
- Force in depth: who is the backup to the backup to the backup?
- Consider the actual health and physical abilities and disabilities of a person when assigning tasks for a disaster scenario
- The disaster is not the time to find out the electrician in the hazmat suit has a heart condition
- What family and personal duties may interfere with performing official duties (e.g. save your own kids or save a stranger)?
18. Systems
- Daily operational
- Interdependent systems
- Emergency only
- Identity security and access management for physical and logical security
- Follow FIPS 201 for federal/state/local interoperability
19. Integration
- Identify integration issues between
- Internal systems and public safety entities
- Other governmental systems
- Related actors
- Non-governmental systems and processes
- Example: 911 and 311 or its equivalent
- Normally separate but related
- Emergencies blur the line
- Co-location, cross training, and system integration
20. Implementation and Triage
- Someone better be in charge
- Dispute resolution processes
- Who will be your Sensibility and Sanity Checker (off site, not affected by the disaster, and actually getting enough sleep to make sound decisions)?
- Baton Rouge example with Mayor Holden
21. Think Third World
- Hand crank your computers
- Bike generators
- Solar and wind power
- Portable water purifiers
- Emergency shelter
- Runners and mountain bikes
- Hand tools
22. Think New World
- Internet Protocol (IP) everything
- Bridge between radio, wireless data/Wi-Fi and use each as IP conduits as needed
- Gigs of portable flash memory
- Satellite data and telephony
23. Think New World
- Instant Message
- Text and mobile email
- Cell On Wheels/Boat/Balloon
- Negotiate/legislate priority and bumping rights in telecommunications provisioning
24. Conclusion: Essential Public Safety Systems and Organizations Must Be Disaster Resistant, Flexible, Diversified, and Redundant (Or We Are All In Big Trouble)
- Contact Information
- Richard J. H. Varn
- Center for Digital Government
- rjmvarn_at_msn.com