Saturday, June 13, 2015
Cyber Preparedness
Cyber Security in the Smart Grid. "Is that a real problem," you might ask? Well, yes...yes it is. A very real problem. Here's a bit of a blurb from today's news:
The man in charge of America's cyber operations said that on a scale of one to 10, the nation's preparedness to deal with a major cyber attack on critical infrastructure sits at a dismal three.
"Somebody who finds vulnerability in our infrastructure could cause tremendous problems," Army Gen. Keith Alexander, Director of the National Security Agency and chief of U.S. Cyber Command, told audience members at the Aspen Institute's annual security forum. Alexander said that since 2009, attempted cyber attacks on the nation's infrastructure systems have risen seventeen-fold.
"I'm worried most about power. I'm worried about water. I think those are the ones that need the most help," he said.
As emergency managers, we need to question those who run our power grids. Sure, they own the infrastructure, but lives depend on how well they are controlling it! I prefer to think of the power companies as "custodians" of the critical infrastructure, rather than "owners."
My advice to the EM Community - take those custodians to task. Ask them to produce their cyber security plans and their business continuity plans. Your constituents will be grateful.
Friday, May 15, 2015
Don't Get Complacent!
I continually write and speak about the dangers of complacency. More people have died because they refused to recognize the dangers around them than can be counted. All year, the weather prognosticators have been calling for a "less than normal" hurricane season, mostly because of an expected El Nino event. Well, I read the following editorial today:
Forecasters were right about an El Nino this year. The weather phenomenon warms the eastern Pacific Ocean and generates strong wind shear that cuts the top off thunderstorms and stops them from developing. The odds of a major hurricane making U.S. landfall are 27 percent in an El Nino year, compared to 45 percent in a neutral year, according to Colorado Sate University climatologist Phil Klotzbach.
It seems to be doing it's job, so far this year.
In the meantime, Gulf Coast residents shouldn't count on El Nino or the initial forecast for a less-than-average season to protect them.
Sound familiar? Wake up. Smell the Starbucks. Get a plan.
Be Prepared!
Friday, January 2, 2015
I Resolve...
Welcome to 2015! Yet another opportunity to do great new things and to improve on the old.
I resolve to be better through greater use of these four principles: self-awareness, ingenuity, love and leadership.
Self-awareness: “To order one's life”
“Leaders thrive by understanding who they are and what they value, by becoming aware of unhealthy blind spots or weaknesses that can derail them, and by cultivating the habit of continuous reflection and learning.”
Ingenuity: “The whole world will become our house”
“Leaders make themselves and others comfortable in a changing world. They eagerly explore new ideas, approaches and cultures rather than shrink defensively from what lurks around life's next corner. Anchored by nonnegotiable principles and values, they cultivate the ‘indifference’ that allows them to adapt confidently.”
Love: “With greater love than fear”
“Leaders face the world with a confident, healthy sense of themselves as endowed with talent, dignity, and the potential to lead. They find exactly these same attributes in others and passionately commit to honoring and unlocking the potential they find in themselves and in others. They create environments bound and energized by loyalty, affection, and mutual support.”
Leadership: “Eliciting great desires”
“Leaders imagine an inspiring future and strive to shape it rather than passively watching the future happen around them. Leaders extract gold from the opportunities at hand rather than waiting for golden opportunities to be handed to them.”
Wednesday, July 25, 2012
GET A PLAN!
GET A PLAN!
You can take steps to decrease the impact of a disaster by planning in advance and learning about potential threats. It is important to make sure that your plans are adequate for your family’s situation. Practice your plans regularly.
Having a basic kit on hand to sustain yourself and your family after an emergency is an essential part of preparation. Think first about basic survival needs: fresh water, food, clean air, and warmth. Store your supplies in a portable container as close as possible to an exit and review the contents of your kit at least once a year. Include in your kit:
• 3-day supply of water: at least 1 gallon per person per day
• 3-day supply of non-perishable food
• Manual can opener and eating utensils
• Supplies to care for your pets including 3-day supply of food and water,
ID tags, proof of vaccinations, and veterinarian contact information
• Flashlight
• Portable, battery-powered radio
• Extra batteries
• Basic first aid kit and manual
• Warm clothing and blankets
• Whistle
• Filter face masks (N95 rating)
• List of emergency contact information
• Photocopies of important documents (birth certificate, licenses, insurance information, etc.)
• Cash and coins
• Sanitation and hygiene items (hand sanitizer, moist towelettes, feminine hygiene products, toilet paper, etc.)
• Household chlorine bleach and medicine dropper: 9 parts water to 1 part bleach can be used as a disinfectant, 16 drops of bleach to 1 gallon of water can be used to treat water in an emergency (do not use scented, color safe, or bleaches with added cleaners)
• Items for infants (formula, diapers, bottles, and pacifiers) if applicable
• 4 or 5 solar lights (regular garden lights) – these will light your space all night and recharge during the day
Sunday, April 8, 2012
PS-Prep, FEMA, PPD8: Just more crazy acronyms?
It's been said that we live in a world of TLA's (Three Letter Acronyms) and X-TLA's (eXtended Three Letter Acronyms). How true is that? It doesn't seem to matter the field, we all live with them. The ones mentioned in the title to this blog post are important, though, if you plan to have your business prepared for a worst case scenario. The have to do with BCP (Business Continuity Planning) and the establishment of a BCMS (Business Continuity Management System).
Let's start with the Private Sector Preparedness Program (PS-Prep). PS-PREP (also known as Public Law 110-53: Title IX) constitutes a credible, practical, standards-based approach to certification of a business continuity and emergency management program for private sector organizations. It is managed by the Department of Homeland Security, administered by the American National Standards Institute’s American Society for Quality (ASQ), and accredited by the American National Accreditation Board (ANAB), and came as a recommendation from findings of the 9/11 Commission. Organizations can be certified to PS-PREP by an ANAB accredited certifying body.
Under PS-PREP, the organization has the ability to individually select and implement a set of reasonable and appropriate requirements and controls from any one (or a combination) of three different business continuity and emergency management standards. These include:
The National Fire Protection Association’s NFPA-1600- Standard on Disaster/Emergency Management and Business Continuity Programs dated 2007
The American National Standard ASIS SPC.1-2009 Organizational Resilience: Security, Preparedness, and Continuity Management Systems- Requirements with Guidance for Use
The British Standard Institute’s BS-25999-2:2007 Business Continuity Management- Part 2: Specification.
All of these standards recommend a Plan / Do / Check / Act (PDCA) approach to establishing a BCMS with the enterprise. Since there are very few disasters or crises that you can see coming (hurricanes and floods pretty much round out the set), having a well-practiced, often-exercised plan is imperative for most every business. Basing the plan on proven guidelines make good sense.
Presidential Preparedness Directive 8 (PPD-8) is the newest element of the National Preparedness Directive. Specifically, it identifies six components to improve national preparedness for a wide range of threats and hazards, such as acts of terrorism, cyber attacks, pandemics and catastrophic natural disasters. The system description explains how as a nation we will build on current efforts, many of which are already established in the law and have been in use for many years. These six components include:
Identifying and assessing risks;
Estimating capability requirements;
Building or sustaining capabilities;
Developing and implementing plans to deliver those capabilities;
Validating and monitoring progress made towards achieving the National Preparedness Goal; and
Reviewing and updating efforts to promote continuous improvement.
Most of this can be accomplished through adherence to the standards and programs mentioned under PS-Prep.
The Federal Emergency Management Agency (FEMA) is chartered with managing these programs. A pretty good idea, assuming that getting more entities on board could result in lowered risk and therefore lowered impact to the nation's resources.
So - how are YOU doing? Does your company have a BCP? Is it compliant with one or more of the BCP Standards? Do you exercise it regularly? Has it been audited by an external resource?
Let me know if you need help answering any of these questions.
Ed.minyard@responseforce1.com
Let's start with the Private Sector Preparedness Program (PS-Prep). PS-PREP (also known as Public Law 110-53: Title IX) constitutes a credible, practical, standards-based approach to certification of a business continuity and emergency management program for private sector organizations. It is managed by the Department of Homeland Security, administered by the American National Standards Institute’s American Society for Quality (ASQ), and accredited by the American National Accreditation Board (ANAB), and came as a recommendation from findings of the 9/11 Commission. Organizations can be certified to PS-PREP by an ANAB accredited certifying body.
Under PS-PREP, the organization has the ability to individually select and implement a set of reasonable and appropriate requirements and controls from any one (or a combination) of three different business continuity and emergency management standards. These include:
The National Fire Protection Association’s NFPA-1600- Standard on Disaster/Emergency Management and Business Continuity Programs dated 2007
The American National Standard ASIS SPC.1-2009 Organizational Resilience: Security, Preparedness, and Continuity Management Systems- Requirements with Guidance for Use
The British Standard Institute’s BS-25999-2:2007 Business Continuity Management- Part 2: Specification.
All of these standards recommend a Plan / Do / Check / Act (PDCA) approach to establishing a BCMS with the enterprise. Since there are very few disasters or crises that you can see coming (hurricanes and floods pretty much round out the set), having a well-practiced, often-exercised plan is imperative for most every business. Basing the plan on proven guidelines make good sense.
Presidential Preparedness Directive 8 (PPD-8) is the newest element of the National Preparedness Directive. Specifically, it identifies six components to improve national preparedness for a wide range of threats and hazards, such as acts of terrorism, cyber attacks, pandemics and catastrophic natural disasters. The system description explains how as a nation we will build on current efforts, many of which are already established in the law and have been in use for many years. These six components include:
Identifying and assessing risks;
Estimating capability requirements;
Building or sustaining capabilities;
Developing and implementing plans to deliver those capabilities;
Validating and monitoring progress made towards achieving the National Preparedness Goal; and
Reviewing and updating efforts to promote continuous improvement.
Most of this can be accomplished through adherence to the standards and programs mentioned under PS-Prep.
The Federal Emergency Management Agency (FEMA) is chartered with managing these programs. A pretty good idea, assuming that getting more entities on board could result in lowered risk and therefore lowered impact to the nation's resources.
So - how are YOU doing? Does your company have a BCP? Is it compliant with one or more of the BCP Standards? Do you exercise it regularly? Has it been audited by an external resource?
Let me know if you need help answering any of these questions.
Ed.minyard@responseforce1.com
Sunday, August 28, 2011
Complacency: Letting your Guard Down after Irene?
Complacency is an interesting phenomenon. It usually occurs after great success. Ever wonder why so few pro teams "3 peat"? It's because they couldn't "repeat." Why? Because they become complacent. In our business - that of disaster response and emergency management - complacent kills.
In NOLA, most of the folks who died had the attitude that they could "ride this one out", just as they and their parents had all the "other storms." Complacency, writ large.
So, here we are, on 8/28/2011 - one day shy of the 6th anniversary of Katrina. Irene is literally passing my front door right now, here in the White Mountains of New Hampshire. We've had 7 inches of rain since 10AM (ok, I could have been up earlier, but WHY?), and the wind is till puffing about. 15 lives lost have been contributed to this storm, and who knows how much property damage? 4 million people are without power (which, for those of you who haven't spent a few days without power, really sucks) and flooding is all over. But, you know what? NO ONE WAS COMPLACENT! Everyone took this seriously.
That said, since it wasn't "so bad," will the same folks along the east Coast take the next storm seriously? Will folks evacuate, when told, in the face of the next, inevitable, storm? Man, I truly hope so.
In 2008, my team and I were back in NOLA, helping to execute an evacuation plan which, 2 years earlier, we helped to write. We got out everyone that needed to get out.
Then, the storm went around us.
Mayor Nagin, at that time, like Mayor Bloomberg, this time, made a very hard and costly decision. Made in the spirit of saving lives. I was also in Mexico City when Mayor Marcelo Ebrard made the tough decision to shut that giant city down, when faced with H1N1 - again, to save lives.
But, it turns out, none of those events turned out to be as bad as the "hype" made them seem.
So, what about next time?
My guess? People will die. They will die because of complacency. That John Wayne attitude that says, "How bad can it be? I survived the last one!"
As I write this, there are several new storm systems developing in the Atlantic and one predicted for the Gulf of Mexico. We are not yet at the peak of Hurricane Season 2011. We've just had a 5.9 earthquake on the EAST COAST.
Seriously, Are You Ready?
Or are you COMPLACENT?
In NOLA, most of the folks who died had the attitude that they could "ride this one out", just as they and their parents had all the "other storms." Complacency, writ large.
So, here we are, on 8/28/2011 - one day shy of the 6th anniversary of Katrina. Irene is literally passing my front door right now, here in the White Mountains of New Hampshire. We've had 7 inches of rain since 10AM (ok, I could have been up earlier, but WHY?), and the wind is till puffing about. 15 lives lost have been contributed to this storm, and who knows how much property damage? 4 million people are without power (which, for those of you who haven't spent a few days without power, really sucks) and flooding is all over. But, you know what? NO ONE WAS COMPLACENT! Everyone took this seriously.
That said, since it wasn't "so bad," will the same folks along the east Coast take the next storm seriously? Will folks evacuate, when told, in the face of the next, inevitable, storm? Man, I truly hope so.
In 2008, my team and I were back in NOLA, helping to execute an evacuation plan which, 2 years earlier, we helped to write. We got out everyone that needed to get out.
Then, the storm went around us.
Mayor Nagin, at that time, like Mayor Bloomberg, this time, made a very hard and costly decision. Made in the spirit of saving lives. I was also in Mexico City when Mayor Marcelo Ebrard made the tough decision to shut that giant city down, when faced with H1N1 - again, to save lives.
But, it turns out, none of those events turned out to be as bad as the "hype" made them seem.
So, what about next time?
My guess? People will die. They will die because of complacency. That John Wayne attitude that says, "How bad can it be? I survived the last one!"
As I write this, there are several new storm systems developing in the Atlantic and one predicted for the Gulf of Mexico. We are not yet at the peak of Hurricane Season 2011. We've just had a 5.9 earthquake on the EAST COAST.
Seriously, Are You Ready?
Or are you COMPLACENT?
Wednesday, August 24, 2011
Hurricanes and Earthquakes
Last year, I gave a presentation on the probable impacts of a Cat 3 storm hitting NYC. Well, today we are faced with a possibility of all that occurring. Here are a few points from my presentation:
According to a 1995 study, a category three hurricane on a worst-case track could create a surge of up to 25 feet at JFK Airport, 21 feet at the Lincoln Tunnel entrance, 24 feet at the Battery, and 16 feet at La Guardia Airport. These figures do not include the effects of tides nor the additional heights of waves on top of the surge.
In the event of a hurricane, authorities would focus their efforts on moving those in low-lying areas of the city- roughly 3.3 million people- to higher ground. However, New York can provide shelter for only 800,000 people, leaving the potential of more than 2 million people to fend for themselves.
A category 3 storm would put Wall Street under 10 feet of water in moments, its winds would turn skyscrapers into perilous wind tunnels.
A major hurricane in New York would create a national setback of enormous proportions.
So, what about earthquakes? In NYC? Yep, very possible and has already happened -
The city can expect a magnitude 5 quake, which is strong enough to cause damage, once every 100 years, according to the report addressed in the following link. (Magnitude is a measure of the energy released at the source of an earthquake.) The scientists also calculate that a magnitude 6, which is 10 times larger, has a 7 percent chance of happening once every 50 years and a magnitude 7 quake, 100 times larger, a 1.5 percent chance.
http://www.gothamgazette.com/article/iotw/20080929/200/2660
So, the question is, ARE YOU READY?
According to a 1995 study, a category three hurricane on a worst-case track could create a surge of up to 25 feet at JFK Airport, 21 feet at the Lincoln Tunnel entrance, 24 feet at the Battery, and 16 feet at La Guardia Airport. These figures do not include the effects of tides nor the additional heights of waves on top of the surge.
In the event of a hurricane, authorities would focus their efforts on moving those in low-lying areas of the city- roughly 3.3 million people- to higher ground. However, New York can provide shelter for only 800,000 people, leaving the potential of more than 2 million people to fend for themselves.
A category 3 storm would put Wall Street under 10 feet of water in moments, its winds would turn skyscrapers into perilous wind tunnels.
A major hurricane in New York would create a national setback of enormous proportions.
So, what about earthquakes? In NYC? Yep, very possible and has already happened -
The city can expect a magnitude 5 quake, which is strong enough to cause damage, once every 100 years, according to the report addressed in the following link. (Magnitude is a measure of the energy released at the source of an earthquake.) The scientists also calculate that a magnitude 6, which is 10 times larger, has a 7 percent chance of happening once every 50 years and a magnitude 7 quake, 100 times larger, a 1.5 percent chance.
http://www.gothamgazette.com/article/iotw/20080929/200/2660
So, the question is, ARE YOU READY?
Subscribe to:
Posts (Atom)
