A couple of days ago, a mudslide wiped out a small town in Washington State, USA. You may not have heard about it in the news – as disasters go, it’s small. At last report, 16 bodies have been recovered, and around 180 people are missing, most of whom are probably dead.
It’s a tragedy for the town and surrounding communities, as well as family and friends, but it won’t rate with the Indian Ocean tsunami, or the Japanese earthquake tsunami, and it doesn’t have the mystique of Malaysian Airlines flight 370.
Disasters come in different shapes and sizes. How you feel depends a lot about how close you are, and how a disaster affects you and your interests. For most of the readers of Techly, it’s a disaster when Twitter is down for an hour.
I’ve taught disaster recovery and business continuity for years, and on five continents. I’m used to teaching groups who are mostly concerned about what type of backup is best, and whether a ‘hot site’ recovery site is worth the extra cost over a ‘warm site’.
It’s impossible to lay out, in advance, a set of procedures for disaster recovery for a business. It depends on what constitutes a disaster for the business, what it needs. How much technology is really essential and how much is just convenient. These things all depend upon the specifics of the company and situation, and so can’t be known, in advance, by anyone from the outside.
But, over the years, I have learned some principles that apply to everyone, and every situation.
First: Be prepared
Now, that’s easy to say. Disasters are, by definition, unforeseen. If you knew something was going to happen, it would just be part of the regular business processes.
But you can think of what you need, regardless of what happens. Ask yourself, what is really necessary, and how can you plan to be ready to work around it, even if your normal resources fail?
This works for more than your business. For emergency planning, figure out what you, and your family, will need for three days. Generally, that’s what you need. After three days, even in a regional disaster, emergency services are starting to get back on track.
You’ll need water. In an emergency, maybe it’ll come out of the pipes, and maybe it won’t. If it does, maybe it’ll be safe to drink, and maybe it won’t. So have six litres of water around per person. Again, that’s all you’ll need for that first three days.
Remember that while the foil-packaged bags of water keep for five years, the bottles that people carry around are good for two years, as long as they are sealed. Refillable ones from the store are good for about six months, and so are clean bottles you fill yourself.
Have some food around that doesn’t need to be either refrigerated or cooked. Snack bars are good, so are cans of beans. Remember to rotate your stock of food and water and buy stuff your are going to eat anyway.
Do you need blankets for warmth? Are you OK with the temperature, even at 4am on a winter morning? Do you need any shelter from rain – the car is usually good for that, although possibly cramped. Have extra clothes.
There are two benefits to this type of preparation. The first is that you and your family are safe, the second is that you are not a drain on the emergency resources, which are possibly going to be a bit stretched if this is a regional disaster.
Have a plan for communication. OK, yes, I know all Techly readers are going to have a fancy mobile phone but you know what happens first in an emergency? Everybody picks up the phone and calls someone to find out what happened. Or tries to call.
Phone systems are built to service only a small number of the subscribers on the system. Therefore, when more than a few per cent try to place a call at the same time, the system is overwhelmed. The result is that almost nobody is going to get a call through. Mobile phones are the worst in a disaster, although text messaging may be able to get through.
Internet communications, such as email and Twitter, require not only communications, but power and local bandwidth, so there are multiple points of possible failure. Take this into account when planning how to communicate.
Second principle: Get trained
If you, your family, and your business, are better prepared for an emergency, then you are less part of the problem. The next step is to try and be part of the solution.
Please don’t think that just by wanting to be helpful, you can be. When the police ask the public for tips they get swamped with responses, most of which are useless, but all of which need to be checked.
When people tried to help find MH370, they (and, famously, Courtney Love) found all kinds of things that weren’t a Boeing 777.
Any emergency or search-and-rescue worker can rattle off all kinds of cases when volunteers rushed in to help and then had to be rescued. Locally, one famous SAR leader always made sure to retrieve lost dogs, because dogs bring out the amateur rescuers, and amateurs get lost and stuck.
If you want to become part of the solution, get training. The Red Cross has guides and courses at all levels, from how to prepare your home, to how to manage volunteers. If you want to get more serious, the Australian Emergency Management Institute has more advanced courses, many of which will help you in planning business continuity, as well.
Those of us in the information security communities are always interested in disasters. We are forever dealing with crises, both large and small, assessing risks, planning and comparing mitigation strategies, and looking at the management of it all.
Emergency response, in a major disaster, is not simply a matter of having water, generators, blankets, and rescue dogs. It has to do with organisation, co-ordination, management, and, particularly, trained people.
Most of them are volunteers, since nobody can afford to pay for a full-time staff of all those you need to have ready in an emergency. If you volunteer, you will probably get trained. For free. You may also get additional perks – I get my flu shots paid for every year, since I’m an emergency worker.
There are skills you need to help other people. Sometimes this might relate to first aid, or structural assessment of buildings after an earthquake, etc. However, there are many necessary skills that are not quite so dramatic.
Most emergency response, believe it or not, has to do with paperwork. Who is safe?vWho needs care? Do families need to be reunited? Documentation of all of this is a huge effort, which goes on long after the bottles of water and hot meals have been distributed.
Then there are management skills, to co-ordinate all of the other skills. An awful lot of ‘charity’ gets wasted because some people get too much help, and others don’t get enough. Someone needs to oversee the efforts.
Training in all of this is available and, in an emergency, having trained people is probably more important than having stockpiles of tents. Trained people can make or improvise shelter.
For those who have security-related certifications, like the CISSP (certified information systems security professionals), ongoing professional education is a requirement. A constant complaint is that training is expensive, and getting the credits costs too much. I get all kinds of training related to business continuity and disaster recovery and get almost all of it free.
Get trained. Volunteer. You’ll get a wealth of experience that will help you plan for all kinds of events, not just for major disasters, but for the minor incidents that plague us and our companies every day. You’ll be ready for the big stuff, too.
You’ll be able to keep yourself and those near to you safe. You’ll be able to make a difference to others, certainly reducing suffering, and possibly saving lives.
If and when something major happens, you will be a part of the infrastructure necessary for the response to be effective. You’ll be part of the solution, rather than part of the problem.
Lead image via Thinkstock