Without thoughtful resiliency planning to ensure business continuity, the communications infrastructure can become the single point of failure for all services
When government officials talk about infrastructure, they usually mean roads, bridges, water lines, utility plants and other major physical assets.
When CIOs talk about infrastructure, they usually mean systems, networks, applications and other assets that thread through buildings and link various departments, services, command centers and mobile personnel. This infrastructure provides the foundation of daily government operations and economic transactions.
Certain items of infrastructure (e.g. key applications, servers, routers, radio networks) must function for anything else to happen. Resiliency planning carries implications for quality of life, economic development and how a community is able to function.
For the CIO, the best usage model is one where the technology becomes part of the environment and an extension of the user’s motivations that its usage becomes “second nature,” whether the crisis is a major disaster or a fire in a key facility.
Resiliency planning is a never-ending process. All the technology in the world cannot solve a problem that has not been identified and understood at the levels of daily business, strategic preparation and tactical operations. How should a CIO develop his planning? It begins with analyzing the risks, establishing the priorities and determining where the interdependencies lay.
Phase 1:
Risk and Impact Analysis
The first step is to establish a holistic view of resiliency planning. Agency-by-agency planning is not a holistic process. The city, region, state, or province must be viewed as a complete enterprise and approached with a comprehensive mindset so that true risks can be analyzed and meaningful priorities set.
Resiliency planning starts with three basic questions that form the foundation of a plan:
1. What are the critical services and functions that must survive disaster?
2. What is at risk financially?
3. What is the tolerance for disruption?
The answers to the above questions form the basis of a plan, but they constitute only the first step in the process. You must now take the list of services and functions required and ask, “Who does that today?” “Who could do it if a backup were necessary?” “Where are my back-up facilities?” “What has to be functional before that service can be deployed?”
Phase 2:
Discovering Dependencies
Two difficult things must happen in this phase of resiliency planning. First, the owners of functions, assets and public services identified as vital and vulnerable must make tough decisions on what action must be taken to address the vulnerability.
Second, all the supporting factors that enable a vital function must be documented, so that interdependencies can be targeted for resiliency assessment.
Protecting systems and network infrastructure requires budget and cooperation from agencies and managers across the governmental and civic enterprise. Strong partnership between the CIO, public safety leaders, and political leaders is critically important. Most importantly, it has to be clear who really “owns” disaster preparedness from a technology perspective.
Often, commercial networks and devices are ill equipped to handle critical emergencies and disasters and the requirements for priority access, redundancy, reliability and survivability for mission-critical systems are much greater than current commercial networks.
Page
1
|
2
