Homeland Security and Business Continuity Planning After September 11, 2001
Curtis K.S. Levinson CDP, CISSP, CBCP
National Secure Technology and Homeland Security Practice Manager
SBC PremierServ Consulting Services


September 11, 2001 City of New York

• What Did Not Work:
  – The Public Switched Telephone Network
  – Most Cellular Telephone Service
  – Most Wireless/Paging Services
  – US Mail
  – Private Delivery Services (UPS, FedEx, etc)

September 11, 2001 City of New York

• What Did Work:
  – The Internet
  – Private IP Networks
  – UHF, VHF, Microwave
  – “Ham” Radio

September 11, 2001 City of New York

• Some Lessons Learned:
  – Plan for Public System Overloads
  – VoIP for IP Networks
  – Use of Alternative Backup
  – Distribution of Assets
  – Business Continuity Planning Beyond Disaster Recovery
  – Practice, Rehearse and Drill
  – Practice, Rehearse and Drill
  – Repeat Often

September 11, 2001 City of New York

• What Does The Future Hold?
  – The War Has Just Begun
  – Cyber Terrorism is just beginning
  – Infrastructure Means More Than It Used To
  – Virus Protection/Content Filtering cannot keep up
  – Overnight Delivery is NOT a good strategy
  – They are more capable with technology than we thought
  – The Goals of Terrorism are NOT Clearly Understood
  – When? Soon!

Information Technology: IT’s Role in Homeland Security

• IT has already “won” – it is considered a key strategic asset in homeland security
  – “We can’t combat a networked enemy with a mainframe response. We need a networked response.” – Utah Governor Michael Leavitt, co-chair of NGA Homeland Security Task Force, September 19, 2001
  – The best practices, innovative solutions, and creative ideas are out there – the challenge is identifying and bringing them forward
• The theme of private-public, federal-state-local partnership is undeniable

Challenges to Homeland Security

• Organization and Culture
  – A vast number of federal, state, and local government entities have a role – but they don’t yet share information.
• Process and Practice
  – The role of these entities must be coordinated, and many of them need more training and drills.
• Technology Capabilities
  – Access to information and communications needs to be resilient, interoperable, and ubiquitous.
• Difficulties for Organizations to Obtain Funding
  – Understanding where, how, and when to obtain funding and apply for Federal Grants

What is Business Continuity Planning?

• The advance planning and preparations which are necessary to minimize loss and ensure the availability of mission critical time-sensitive business processes and the supporting technology infrastructure of an organization.
• The goal of BCP is to assist the organization to continue functioning if normal technology operations are disrupted.
  – BCP includes actions to take before, during and after an incident
  – BCP may include the following types of plans:
    • Disaster Recovery Plans (Technology/Telecommunications/Staffing)
    • Mission Critical Business Operations Continuity Plans
    • Crisis Management and Containment Plans

Business Continuity Planning

• Enables core business applications to continue in the event of a disaster with little or no disruption.
  – Addresses unforeseen incidents of a sudden and severe nature that threaten the crucial functions of an organization.
  – Seeks to prevent interruption of mission-critical services.
  – Seeks to reestablish full functionality quickly and seamlessly.
  – Identifies and documents individual task assignments.

What is a Business Disaster?

• Any event that inhibits critical business functions.
• Common Threats and Disasters:
  – Natural Disasters
    • Fire
    • Floods
    • Water Damage
  – Terrorism and Sabotage
    • Theft
    • Fraud
    • Vandalism
  – Technical Failures
    • Hardware or Software failure
    • Viruses
    • Data Corruption
  – Utility Failures
    • Electrical Disruptions and/or Blackouts

Notable Communications Disasters

Planning for Disasters

• Businesses must realize that a disaster may be just around the corner.
  – What would happen if a fire occurred?
  – What would be the damage of:
    • An electronic attack?
    • A physical attack?
• Disruptions can be devastating…whether they last hours, minutes, or seconds.
• Bottom Line: It doesn’t matter what caused the interruption … service must be restored!

DISASTER! What Now?

• Implement the Disaster Recovery portion of the Business Continuity Plan immediately.
• Follow the documented Disaster Recovery Plan.
  – Failure to implement a recovery procedure on a timely basis can result in irrevocable loss.
  – The Business Continuity Plan, and its supporting technologies, are worthless if the Disaster Recovery Plan is not implemented correctly.

Practice makes Perfect!

Key Business Continuity Applications

• E-mail
• Internet Access
• Intranet / Extranet
• LANs
  – LAN-to-LAN Interconnection
  – Remote LAN Access
• Videoconferencing
• Legacy Systems
• Records and Systems
  – Banking
  – Brokerage Firms
  – Financial
  – Insurance
  – Medical
  – Order Entry

Triage

• Work with the key staff members to identify which applications and operations are:
  – Critical and require immediate restoration.
  – Critical, but may be delayed for a specified period of time.
  – Not critical and therefore require little or no attention during a disaster.
• Ask your staff:
  – “When's the last time we updated and tested our Business Continuity Plan under live conditions?”

Emergency Services Unique to SBC

• Crisis Alert Management System (CAMS)
  – This service is intended for use by government departments or businesses to notify residents, businesses, and/or clients of essential information. This information is provided in either of two ways: as ‘published’ information that the government or business provides on the Web and telephone system for citizens/customers to access at their discretion; or as specialized information that can be entered through either the Web or telephone system and issued to one of the dial-out calling lists stored in the government’s or business’ database.
• IntelliCast (aka Emergency Warning and Evacuation
  – IntelliCast augments other emergency warning systems by quickly telephoning targeted areas with a specific warning message. IntelliCast combines a telephone number database (e.g. 9-1-1 database or other telephone number and address listing data), x,y coordinate geographic routing database, and outbound calling. IntelliCast utilizes the coordinate routing database to generate telephone number extracts for specified areas, which define an emergency event. Emergency event boundaries may be either pre-planned (as in the case of a flood zone) or “drawn” in real time (such as a chemical fire with toxic plume). The telephone numbers are then extracted and outbound calling begins with the dialing of the telephone numbers extracted from the event boundaries and delivering a voice message notification generated by the customer. Outbound calling will provide a maximum capacity of 1,132 simultaneous calls, initially.

SBC PremierServ Consulting Services

• Complete BCP/DR Plan Development
• Evaluation of Existing BCP/DR Plans
• BCP/DR Training
• BCP/DR HotSite Services
• Internet and Intranet Security Evaluation
• Technology Risk Assessment
• Application Performance Planning and Analysis
• Business Requirement Assessment and Compliance Analysis
• Infrastructure and Application Testing Methodologies

Experts in Homeland Security

• We are ready to be your homeland security provider
  – Solid understanding of homeland security initiatives
  – Highly reliable and secure all-digital network
  – Well-developed emergency preparedness plans
  – 24x7 surveillance and response
  – Long and successful history of local support
  – Highly-skilled employees

Note: SBC, the SBC logo and other SBC product and service names are trademarks or registered trademarks of SBC Properties, L.P. or its affiliated companies.  All other trademarks and service marks are the property of their respective owners. 2003 SBC Properties, L.P. All rights reserved.