Some three years after North America’s largest power failure left more than 50 million people in the U.S. and Canada in the dark, a Toronto organization is asking that a coordinated city-wide disaster recovery exercise be launched.
The Disaster Recovery Information Exchange, Toronto chapter (DRIE Toronto) is urging major industry and public sector officials to work together and set up what it calls Toronto Incident Management Exercise (TIME), an emergency readiness drill covering the Greater Toronto Area.
DRIE is a not-for-profit organization dedicated to promoting business continuity management, disaster recovery planning and other related disciplines as integral components of an effective business strategy. Various private and public sector organizations may have preparedness and business resumption plans (BRPs) but it is not certain if these will work in concert during an actual disaster, according to Michael Smith, president of ReadySmith, a business continuity consulting company and co-chair of TIME.
“The critical need is to see how these plans will mesh with one another, and to fill in any identifiable gaps, especially in the business community,” said Smith.
He said because of the enormous amount of preparation needed, the exercise could be ideally held sometime in 2008.
In the afternoon of August 14, 2003, a debilitating power failure hit part of Ontario and much of northeastern U.S. The power outage, which lasted for several days, stranded many commuters and disabled some businesses.
A joint American-Canadian task force traced the main cause of the outage to a generating plant in Eastlake, Ohio that went off line amid a high electrical demand and strained high-voltage power lines that went out of service after coming in contact with “overgrown trees”. The cascading impact of the incident shut down more than 100 power plants.
Outage-related financial losses were estimated at $6.8 billion.
Toronto is a key North American business centre and so needs to have a coordinated disaster recovery plan said George Kerns, a member of DRIE Toronto and president and CEO of Fusepoint Managed Services Inc. based in Toronto.
“The business community as a whole needs to pull together and work hand in hand with front line agencies.”
Smith said business involvement is essential as, in many cases, the private sector is responsible for or involved in running services such as telephone and Web-based communication as well as broadcasting and transportation services.
Businesses rarely have resumption plans that are adequately coordinated with those of their partner or government counterparts, according to Walter Cooke, chief security officer of QuoVadis Ltd., a secure managed service provider in Hamilton, Bermuda.
“A properly planned disaster exercise will walk people through the process of how to act during an emergency,” said Cooke, who has more than 35 years of experience securing organizations in various parts of the world.
He said simple things, such as knowing who to contact during an emergency, could mean the difference between survival and disaster. “The lives of a great many New York city firefighters could have been saved were there clearly delineated lines of communication on 9/11.”
People’s lives and safety, along with the ability of government agencies to continue delivering essential services, rank above business needs, according to Mirek Kotisa, computer security administrator for the University of Toronto.
“But because technology touches almost every aspect of our lives, public and government agencies have to ensure IT resources are able to operate at the necessary level,” he said.
Services such as power, water, healthcare, police and emergency agencies need to have resilient back-up apparatus and strategies, according to Cooke and Kotisa.
However, companies also need to coordinate with public organizations to ensure continued operations said Darin Stahl, research lead with Info-Tech Research Group Inc. in London, Ont.
He said a large number Toronto offices and government agencies have “well thought out and tested disaster recovery plans,” but the 2003 blackout revealed “an enormous lack of coordination at the municipal and provincial level.”
Apart from coordinating disaster recovery efforts with clients and partners, businesses also need to keep tabs on government agencies because these organizations handle services that could affect their operations, said Stahl.
Knowledge of how government agencies intend to implement their disaster recovery plans will help businesses better align their own efforts with those of relevant government organizations.
“In a business environment of just-in-time delivery, companies need to find out which government agencies are handling such services as power and transportation are doing to get back up,” Stahl said.
He said coordination with businesses partners is also necessary as a process of due diligence to ensure their recovery efforts, or lack thereof, are not affecting the other companies and vice-versa.
The bot threat
Some of the most serious threats networks face today are "bots," remotely controlled robotic programs that strike in many different ways and deliver destructive payloads, self propagating to infect more and more systems and eventually forming a "botnet."