Mention the term Disaster Recovery in Emergency Management circles and the first thing that comes to mind is recovery after a disaster like a hurricane, tornado, or earthquake. It makes sense, right? After all, that is what Emergency Managers have been trained to think since we took our first NIMS steps. We have the FEMA National Disaster Recovery Framework, the Guidance for Pre-Disaster Recovery Planning, and the Recovery mission area, all focused on natural and man-made disasters.
There is another perspective we must consider, but rarely ponder: Information Technology. In that realm, Disaster Recovery means something quite different, the recovery of Information Technology systems after a catastrophic incident. We use the same term, but it is a vastly different kind of disaster recovery.
Organizations rely on information systems for just about every part of their operations. The loss of these systems, whether due to a natural disaster, cyber-criminal activity, or simply equipment breakage, could have severe consequences. In terms of risk categorization, these events are low frequency, high impact events organizations may be unprepared for. Ask any organization that has been the target of ransomware attacks or catastrophic loss of key facilities and equipment how disruptive and damaging it was to their business operations.
What role does Emergency Management have in preparing for an IT Disaster? Think Continuity of Operations and Continuity of Government, or in the private sector, Business Continuity. An IT disaster directly impacts the ability of an organization to continue normal operations, yet it is not well planned for, being regarded as an IT-specific issue. Think again!
As an Emergency Management Coordinator several years ago in another organization, I asked departments what they would do if they lost all computer resources. The first response was, “IT has a back-up, don’t they?” When I explained there was a plan, but it may take some time to restore all the systems damaged in a serious IT disaster, the response was, “We can’t function.” This was clearly not the answer I was looking for. The system had been so robust and stable, they hadn’t considered it could be disrupted or even disabled.
Continuity planning focuses on continuing essential functions, and in our IT-based environment, loss of systems must be planned for. The response, “We can’t function,” or “We’re done!” is not a plan for how to continue essential functions, and most likely is not accurate. Emergency Management must help facilitate the discussions and help develop a plan that will accomplish the most important functions without the needed computer resources.
We rely on computer technology for so many functions within our organizations. Operating without them may be uncomfortable; however, it could happen. Computer equipment breaks down. It can be hacked. It can be destroyed in natural, technological, and human-caused disasters. We need to help our organization become prepared to ensure continuity of our critical functions for our constituents and our customers.
Pose the question during continuity planning. Facilitate discussion around strategies for that day when network resources are not available. Encourage practice so departments can do what needs to be done. Exercise the plans so a culture of preparedness is developed for this and all hazards that could be on the horizon. After it happens is simply too late.