The Role of Telecommunications and Information Technology in Disaster Preparedness
[Author's Note] Mr. Michael Murphy ("Tarkus") has more than a decade of network design and business systems recovery experience. Mr. Murphy has also been an international advocate of proactive disaster preparedness response frameworks, which have life safety as their primary goal. In January of 2004, Mr. Murphy and others proposed to the U.S. Air Force a proactive and best practices framework beginning with the Great Lakes Region. In March of 2004, the Department of Homeland Security released its National Incident Management System (NIMS) Manual. In December of 2004 the Department of Homeland Security released its National Response Plan http://www.dhs.gov/dhspublic/display?theme=14&content=4264 .
This document should help any business or government group identify issues when seeking to develop a disaster plan. Earlier documents include Michael's Disaster Preparedness presentation in Osaka, Japan in 2002. Following the Japan presentation, Michael began seeking organizations that were involved in proactive disaster planning. The Homeland Security Act passed during the drafting of the first version of this document in 2002. Although comprehensive planning may be the role of government, individuals and organizations should consider expanding their own disaster plans to incorporate proactive planning concepts. Such procedures may be required of corporations in compliance with Sarbanes-Oxley (SOX) regulations.
In the aftermath of Katrina and Rita, it became clear that much needs to be done in order to improve disaster response. A brief obsession with terrorism may have caused the response community to fail to appreciate the magnitude of natural disasters. Preliminary GAO reports have not been favorable. Many sections of the GAO reports track the ideas in the 2004 proposal from which this document is derived. I have provided the GAO with a copy of the 2004 proposal after they issued their preliminary report.
Mr. Murphy grants permission to reproduce the Article, below, in whole or in part so long as the Article contains a reference to the title, author, copyright and the link from which the Article was obtained. Cited, here, as: http://www.ceci.org/500/Disaster.htm . Articles reproduced on the Internet should also include live links to the source Article.
The Role of Telecommunications and Information Technology in Disaster Preparedness
by "Tarkus" Michael Murphy (© 1999, 2002, 2003, Updated October 2004, 12/04, 1/05, 3/05, 8/05, 9/05, 4/06)
for the Chicagoland Electronic Commerce Initiative (www.ceci.org), et al.
Disasters often reveal the fragility of local communication infrastructures. Systems that survive a disaster may suffer subsequent failures as a result of a sudden increase in demand directly resulting from the disaster. While our national communications infrastructure may have a strong measure of resiliency, the same may not be said for many local and business networks. Furthermore, restoration of services and property always must be secondary to life safety.
Business disaster systems should have as their primary goal the ability to allow first responders to help as many people as possible. The subsequent goals are to ensure that the disaster teams comply with local authorities and, when possible, take actions to mitigate subsequent disasters, restore communications and preserve assets. Team members working on business preservation should not be involved in life safety teams. All teams should be made aware that their tasks are subject (and secondary) to local or Federal authorities and response teams.
If you have a disaster preparedness plan that has not been updated to reflect the Department of Homeland Security "All Hazard" plans for your local jurisdiction, now is the time to act. The Department of Homeland Security has the responsibility for responding to major disasters resulting from the caprice of nature or the maliciousness of man. By definition, "major disasters" involve a significant threat to human life and property. There is also a wide range of disaster events that may not be considered major disasters, but still require swift response to mitigate the harmful consequences of the specific event.
"All-Hazard Plan" (Incident Management)
On Nov. 25, 2002, President George W. Bush signed the Homeland Security Act of 2002 (Public Law No: 107-296). The Act mandates the creation of a "cabinet level position" and the blending of several existing federal entities to effect the provisions of the Act. The law also incorporates some key definitions of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (Pub. L. No. 93-288, as amended).
The underlying definition of the Stafford Act will continue to be amended to include threats to Homeland Security, which were not contemplated when the Stafford Act was drafted. Preparations for Civil Defense may have once considered broad based attacks from a country, but modern preparations must now also consider localized attacks from smaller domestic or foreign terrorists.
The Department of Homeland Security is expected to develop a comprehensive national incident management system for response to terrorist incidents and natural disasters. This "all hazard plan" will significantly expand the role of the Disaster Relief and Emergency Assistance Act (which replaced the Civil Defense Act of 1950, Public Law 81-920, as amended) beyond its implementation before and after September 11, 2001. (See, inter alia, Emergency Management and Assistance, Code of Federal Regulations, Title 44 and Presidential Decision Directive 39 (PDD-39)).
The Under Secretary for Emergency Preparedness and Response is responsible for functions relevant to emergency preparedness and response. The Under Secretary is required to build a comprehensive national incident management system, and will consolidate existing federal government emergency response plans into a single, coordinated national response plan. (www.dhs.gov/dhspublic/theme_home2.jsp)
The first U.S. Department of Homeland Security standardized management plan was released in March of 2004. The National Incident Management System (NIMS) creates a unified structure for Federal, state, and local lines of government for incident response. A final National Response Plan is under development and will eventually replace the Initial National Response Plan, while NIMS will continue to provide the Nation's doctrinal guidance for incident management for acts of terrorism, natural disasters, and other emergencies. ( http://www.dhs.gov/dhspublic/display?theme=15&content=3255 )
The description below is from the commentary on the Homeland Security Act:
Incident Management. The Department would work with federal, state, and local public safety organizations to build a comprehensive national incident management system for response to terrorist incidents and natural disasters. This system would clarify and streamline federal incident management procedures, eliminating the artificial distinction between "crisis management" and "consequence management." The Department would consolidate existing federal government emergency response plans – namely the Federal Response Plan, the National Contingency Plan, the U.S. government Interagency Domestic Terrorism Concept of Operations Plan, and the Federal Radiological Emergency Response Plan – into one genuinely all-hazard plan. In time of emergency, the Department would manage and coordinate federal entities supporting local and state emergency response efforts.
Interoperable Communications. In the aftermath of any major terrorist attack, emergency response efforts would likely involve hundreds of offices from across the government and the country. It is crucial for response personnel to have and use equipment and systems that allow them to communicate with one another. The current system has not yet supplied the emergency response community with the technology that it needs for this mission. The new Department of Homeland Security would make this a top priority.
Source: Department of Homeland Security http://www.whitehouse.gov/deptofhomeland/sect4.html#4-2
Is Your Business Disaster Plan Up To Date?
You don't have to wait for the final National Response Plan to begin your own planning. The shift in disaster philosophy over the past few years has been away from prevention to planned response. People who are trained to react to a disaster also may be able to mitigate its effect (or at least prevent consequent disasters from happening). Teams trained to respond to a number of disaster scenarios follow escalation procedures that have been tested through drills or previous emergencies.
A disaster preparedness plan is a document that details all the required steps, points of contact, and team responsibilities in the event a disaster should incapacitate an entity's ability to perform service or other essential business activities. A well drafted disaster plan can help determine intelligent response strategies and alternatives in advance of a disaster and suggest escalation procedures to help a company respond to significant service outages. It can also help develop predetermined tradeoffs between acceptable performance levels, business impact, disaster probability and disaster recovery expenses.
Advance preparation for disasters can be documented in a Disaster Planning Manual and placed in the hands of key individuals. Separation of life safety and equipment duties is essential prior to the onset of a disaster. Training, drills and evaluation are essential to keep the plan relevant.
The most desirable disaster preparedness plan is one that is kept current but never has to be used. A traditional planning cycle is to Plan, Prepare, Respond and Recover. In reality, there is a subcycle between planning and preparation in which there is an additional opportunity to train, drill, innovate and improve. The subcycle results can be integrated to fine tune and circulate the improved disaster plan. Innovation is least desirable at the moments following the disaster when the response and recovery portion of the cycle begins. The potential for more harm to result from a poor disaster response is significant.
Even well designed networks may not have complete redundancy. Therefore, it is important to understand that public and business disaster plans will be subject to significant communications failures at critical points in time. The Homeland Security Act (Public Law No: 107-296), correctly designates "interoperable communications" as the second most important aspect of response to a major disaster.
The most important aspect of disaster preparedness is "life safety," the preservation, protection and recovery of human life. Disaster preparedness plans must have as their primary goal the life safety of every person covered within the plan. Responsibility for the restoration of communications and preservation of business assets must be separate and secondary to the protection of human life. Further, members of the communications restoration team should not be assigned any life safety responsibilities in a disaster response plan.
The potential conflict could result in a fatal error in judgment.
The Scope of Disaster
Despite the preparedness of the "first responders," the general public may not be prepared for even the most localized events. Chilling videos of recent club disasters in Illinois and New Hampshire demonstrate that panic, in the wake of an initial event, can lead to fatal consequences. In each case, the disasters were highly localized events with significant loss of life. Major disasters will substantially tax the ability of "first responders" well beyond the club events, and poor response by the public could result in a massive number of needless deaths. Panic, from news coverage of such events, may even cause a secondary disaster.
A "major disaster" is either not anticipated or, if anticipated, overwhelms an infrastructure with an unexpected magnitude either over a brief or extended period of time. Teams responding to a disaster caused by natural, military or terrorist threat will need to have a wide range of responses to the event itself, while different teams or agencies may be responsible for a response to the cause of the event. Response teams may also need protection or assistance from public safety officials, the police or the military in order to accomplish their tasks.
The magnitude of a disaster and the response limitations are something that should be considered in a proactive plan. For example, Japan's Prefectures (similar to state government) and private companies must plan for a strong magnitude earthquake along a fault very near Tokyo.
In a worst case scenario, a substantial earthquake would be followed by a tsunami of several meters. The presumption is that there will be a large scale loss of human life, infrastructure and support systems as well as an immediate devastation of almost all land based and wireless telecommunications systems.
As Japan is a nation of islands with many coastal cities, this represents a serious and significant national threat. Unlike the United States, Japan does not have geographically remote centers from which to launch a recovery and rescue operation. Assistance will have to come from surviving Japanese cities and from neighboring and distant countries, like the United States and Australia.
In a "major disaster," even a well trained team may reach the end of an escalation procedure. Communications and coordination may be strained so that the disaster response team is in need of rescue. In the case of Japan (the world's second largest economy), we know that plans for a "major disaster" anticipate the failure of major components of communications systems. Further, resources available to the island nation may have to be drawn from neighboring countries. In the United States, we have the luxury of a broadly dispersed population willing to help in the time of need and a sufficiently large land mass to allow for domestic, remote disaster services to be provided by U.S. citizens and other agencies who are not affected by the disaster.
Disasters of entire regions can be anticipated and addressed through the planning process. For example, assume Chicago has a disaster, but New York and L.A. are not affected. Shortly thereafter, an earthquake occurs in L.A. These unrelated and remote events stretch the response resources of the federal and local systems. They are sufficiently remote that state and local responses are not affected by the remote disaster. Major cities in the surrounding areas will extend relief and support resources. However, if the disaster were to impact Chicago and a second disaster affected Milwaukee, the local backup systems are not geographically remote (as in the first example).
Rather than presuming that help will come from other sources, secondary or tertiary response areas need to be specified in advance. If the primary disaster response system is degraded or destroyed, a remote center may be needed until a nearer regional or local center is located.
Early adopters benefit from sharing their best practices with their proximate and remote neighbors because their comfort and support may come from these neighbors in the event of a major disaster. By preparing other municipalities to develop their own response plans, early adopters may be training their own secondary or tertiary response teams. One of the consequences of a disaster is that the preparedness teams may be overwhelmed without aid from other sources.
Preparedness information should be backed up in geographically remote offices and those offices must communicate with the appropriate backup facilities.
A good disaster preparedness plan may not be able to anticipate or handle multiple systems failures:
For example, in 1999, a tornado struck Salt Lake City at about the same time that downtown Chicago experienced a carrier network failure and an unrelated city power failure. The unusual tornado in Salt Lake City, together with the MCI network failure and the failure of several generators in downtown Chicago, reveals the complexity of disaster preparedness planning.
Let's examine the plight of a hypothetical business in Salt Lake City with a backup in downtown Chicago. Suppose that the network equipment was at a facility in Salt Lake City and that the equipment was damaged by the tornado. If (under the disaster preparedness escalation procedure) the system was switched over to downtown Chicago, the risk of loss would be worsened by the MCI and subsequent power failures. The disaster preparedness team may have had very few options left in their escalation procedure. The laws of probability often collide headlong into Murphy's law.
Even dual systems are subject to failure.
Both AT&T and MCI have experienced major frame relay outages. In both cases, the carrier shifted blame to the underlying manufacturers (Cisco and Lucent). If the major carriers are not immune to failure, then smaller carriers are at equal or greater risk.
No single system is immune from failure.
In Chicago, ComEd had already lost one generator. Two more failed and the power was turned off in the Loop to save the overburdened fourth. Some of the telecommunications buildings in the South Loop were serviced by a secondary power grid. Temperatures were moderate on the day of the dual outages. Results could have been far worse if it had been an exceptionally hot day.
Redundant systems are not completely immune from failure.
With the exception of a large scale tornado, none of the actual events above would be considered a "major disaster," but the smaller, local disasters would have had a significant impact on data and response capability.
Planning Limitations
Disaster preparedness escalation plans often reach a point of exhaustion. The causes of this exhaustion are secondary disasters that are proximate or remote. One proximate disaster, following the San Francisco Earthquake of the early 1900s, was the gas fires from pipes ruptured by the earthquake. The fires proved to be more deadly than the quake. Fire and rescue response was also limited by the lack of water resources in the Marina District of San Francisco nearly a century after the previous major quake.
Water lines, electrical lines, communication lines and other resources are badly affected in an earthquake. Disaster preparedness may require planning for unusual resources to be ready at the time of a significant infrastructure failure. In a future quake, forest fire planes or other non-traditional resources might be considered to provide badly needed water to extinguish electrical or gas fires. Postponing new ideas until the time of the disaster may mean that precious minutes or hours are lost.
Secondary and tertiary disasters often result from an initial disaster. A dam break on a lake, miles away from Johnstown, was the cause of one of its famous floods. The initial disaster was less significant at its source, which was miles away from the subsequent disaster.
The 1990s were rife with examples of major disasters, but the effects of those disasters were not visited in full force upon major metropolitan areas with the impact of disasters such as the Fire of London, the Chicago Fire and the San Francisco Earthquake. The Mississippi has risen to 500 year levels, California has been struck with significant quakes, and domestic and foreign terrorists have destroyed entire buildings. Hurricanes have struck with significant force and other disasters have had substantial impact upon the lives of those affected. However, we are fortunate to lack the experience of dealing with the size and scope of disasters that affected America in the last century.
We may not be able to extend that luxury for another 100 years. Planning does not lessen the impact of an initial disaster, but planning and training in advance may help mitigate the disaster. For those who fail to plan, the framework may serve as a rapid way to contact preparedness groups that have been trained and who are prepared to help in the disaster response.
State, Local and Agency Resources
Because an "all hazard" plan under the Homeland Security Act also includes nuclear and other sensitive topics, government agencies will not be able to share complete plans with the general public. However, the "all hazard" plans should be made as public as possible so that business disaster plans can be integrated with government and other response agency plans.
While a national disaster preparedness system must be comprehensive, there must also be wide variations in local response plans from region to region. The regional geography impacts the types of natural and artificial disasters that citizens may face. For example, the hurricane response plan of a Gulf Coast state or a tsunami response for California have little bearing on a plan to aid the citizens of Chicago or Illinois. Response or evacuation plans must be tailored to the type of disaster; whether the disaster was anticipated or a surprise; the scope of the disaster; and the features of the affected region.
Cities have been forced into the role of early adopters of proactive planning, but it may be years before comprehensive plans anticipate a wide variety of events. Other municipalities may lag behind the early adopters. Money remains an issue. Homeland Security dollars have not reached every municipality. Tight budgets may require some municipalities to learn from the best practices of the early adopters who have had the time to plan and drill their newer preparedness plans.
Elements of a plan for flood, fire, terrorism or war may be just as relevant in a Gulf Coast State, California or Illinois. A framework for disaster preparedness will allow for the development of a comprehensive system of best practices in order to support a number of organizations in their own development of disaster plans suitable for a given region.
States, municipalities and other government agencies are already taking steps to prepare for future disasters. Major metropolitan areas have moved swiftly to reorganize disaster preparedness plans to incorporate "all hazard" plans. The State of Illinois is gaining recognition for preparedness, as is the City of Chicago's Office of Emergency Management and Communications, for allowing its citizens to prepare for disasters. Chicago has also incorporated a "reverse 911" system that allows a 911 system to deliver thousands of simultaneous recorded messages to telephone users. A wide range of options will be needed, ranging from "Amber Alerts" for missing children to a variety of prerecorded instructions for citizens in the event of a local or regional disaster.