Disaster Preparedness, Disaster Recovery, and Business Continuity in Public Safety

1
Disaster Preparedness, Disaster Recovery, and
Business Continuity in Public Safety

• Be Prepared That's the motto of the Boy
  Scouts.
• "Be prepared for what?" someone once asked
  Baden-Powell, the founder of Scouting, "Why, for
  any old thing." said Baden-Powell.
• (Boy Scout Handbook, 11th edition, page 54)

2
Overlapping and Inter-Related Responsibilities
Disaster Preparedness and Recovery and Business
Continuity
Physical Security
Quality Assurance Methodologies
Cyber Security
Public Safety
3
Public Safety Scenarios

• Public safety entities have a more difficult
  challenge
• Your IT DR/BC plan is intertwined with risk
  scenarios
• You may be affected by the risks of a given
  scenario and your IT plan must address those
  risks appropriately to maintain operations
• You also have a role in response to the scenario
  so the events will affect your operational
  requirements

4
Scenarios Overview

• Threat driven geographic circles of impact
• Kinds of threats and events
• Responsibility
• What will you do, what is shared, what do others
  have to do for themselves
• Tolerance for risk and uncertainty
• Lesson learned if you have a well known and
  documented local risk
• Have a real plan or get ready for a career change

5
Start With A Readiness Dashboard

• All aspects of the plan, testing, and
  implementation should be scored simply (Red,
  Yellow, and Green)
• Key indicators of planning and readiness need a
  dashboard to enable assessment and action
• Score or status
• Trend
• Key issue

6
Engage the Policy Makers

• Executive, legislative, and judicial
• Those who hold the seat and those who actually
  make the decisions
• Go below the top level to ensure clarity,
  alignment, and redundancy
• EOC designees
• Emergency authorizers and authoritydecide how
  you will bust though red tape and bottle necks
  when it is needed

7
First Steps

• Leadership clarity, alignment, and commitment
• Authority or consensus?
• Stakeholders roles and responsibilities
• Be clear about risk tolerance
• Applications and IT assets inventory
• If needed, dust off and update your Y2K work
• Good data on plan status, readiness, test
  results, response, and compliance

8
First Steps

• Make a friend in accountingactuarially accurate
  threat scenarios are more likely to be funded as
  risk and cost can be properly balanced
• Review existing plan or make a plan
• Borrow or buy a template
• Review peer plans and conduct site visits
• Communicate until it hurts

9
Know How Non-Governmental Organizations Fit In

• Media
• Broadcast and satellite
• Emergency Broadcast System Members
• Print
• New media
• The Web
• Government site mangers
• Commercial site managers
• Citizens and bloggers
• Self-organizing communities (e.g. Craigs List)

10
Know How Non-Governmental Organizations Fit In

• Charities
• Businesses and business associations
• Community organizations
• Vital private services (hospitals, nursing homes,
  etc. )

11
Nail Down Your Critical Functions

• Law and order essentials (people, mobility,
  tools, survival basics, etc.)
• Communications
• Personnel management (policies, scheduling,
  notification trees and systems, counseling, etc.)
• Data and the connections to data and people
• Transactional systems

12
Nail Down Your Critical Functions

• Rescue and response
• Pipeline to the health care system
• Building/location/hazmat information for fire and
  first responders
• Justice processing and incarceration
• Dispatch

13
Nail Down Your Critical Functions

• Records
• Mobility
• Devices and local storage if communications are
  intermittent or fail (e.g. mobile maps and
  databases)
• Know what you can actually cover (and what you
  are just waiving your hands at and hoping it
  either works or is never needed)

14
IT Requirements

• What systems need to function
• How fast
• Maximum and optimum time frame for each system or
  function to be restored
• How well
• Sometimes minimal functionality is sufficient

15
IT Requirements

• Where will it be used and by whom and will the
  communications infrastructure support it?
• Employees
• Users or beneficiaries
• By what priority will systems be restored
• The priority will be modified by what
  contingencies
• E.g. a long term total evacuation changes the
  operational needs for criminal justice systems
  and personnel

16
Continuity and Disaster Recovery Location Options

• Consider new kinds of mutual aid and sister
  city/county/state arrangements
• Work with friends, colleagues, associations, and
  vendors
• To match you with a comparable entities that are
  located outside the various geographic threat
  circles
• Who can mirror your IT operations (hardware,
  software, operating systems, and culture)

17
People

• Force in depthwho is the backup to the backup to
  the backup?
• Consider the actual health and physical abilities
  and disabilities of a person when assigning tasks
  for a disaster scenario
• The disaster is not the time to find out the
  electrician in the hazmat suit has a heart
  condition
• What family and personal duties may interfere
  with performing official duties (e.g. save your
  own kids or save a stranger)?

18
Systems

• Daily operational
• Interdependent systems
• Emergency only
• Identity security and access management for
  physical and logical security
• Follow FIPS 201 for federal/state/local
  interoperability

19
Integration

• Identify integration issues between
• Internal systems and public safety entities
• Other governmental systems
• Related actors
• Non-governmental systems and processes
• Example 911 and 311or its equivalent
• Normally separate but related
• Emergencies blur the line
• Co-location, cross training, and system
  integration

20
Implementation and Triage

• Someone better be in charge
• Dispute resolution processes
• Who will be your Sensibility and Sanity Checker
  (off site, not affected by the disaster, and
  actually getting enough sleep to make sound
  decisions)?
• Baton Rouge example with Mayor Holden

21
Think Third World

• Hand crank your computers
• Bike generators
• Solar and wind power
• Portable water purifiers
• Emergency shelter
• Runners and mountain bikes
• Hand tools

22
Think New World

• Internet Protocol (IP) everything
• Bridge between radio, wireless data/WI-FI and use
  each as IP conduits as needed
• Gigs of portable flash memory
• Satellite data and telephony

23
Think New World

• Instant Message
• Text and mobile email
• Cell On Wheels/Boat/Balloon
• Negotiate/legislate priority and bumping rights
  in telecommunications provisioning

24
Conclusion Essential Public Safety Systems and
Organizations Must Be Disaster Resistant,
Flexible, Diversified, and Redundant(Or We Are
All In Big Trouble)

• Contact Information
• Richard J. H. Varn
• Center for Digital Government
• rjmvarn_at_msn.com