Disaster Recovery Journal- Volume 13, Issue 3 - Summer 2004 Issue -Simulating Disaster Scenarios

Return to the
Summer 2004 Issue

DISASTER RECOVERY
JOURNAL

P. O. Box 510110
St. Louis, MO 63151
(314) 894-0276
Fax: (314) 894-7474
Internet www.drj.com
E-mail drj@drj.com

PUBLISHER &
EDITOR-IN-CHIEF
Richard L. Arnold, CBCP
richard@drj.com

SENIOR EDITOR
Janette Ballman
janette@drj.com

MANAGING EDITOR
Jon Seals
jon@drj.com

ASSOCIATE EDITOR
Ed Pearce, CBCP
ed@drj.com

COPY EDITORS
Richard Sandhofer
richards@drj.com
Pamela Clifton
pamelaclifton@hotmail.com

ADVERTISING
Robert Arnold
bob@drj.com

_____________

Corporate

President/CEO
Richard L. Arnold, CBCP
richard@drj.com

Vice President
Robert Arnold
bob@drj.com

CONFERENCE COORDINATOR
Patti Fitzgerald, CBCP
patti@drj.com

CONFERENCE REGISTRAR
Merce Knese
mercedes@drj.com

CIRCULATION
Laura Baugh
laurab@drj.com

EXECUTIVE COUNCIL
Jeff Dato, MBCP, KPMG
John Jackson, IBM
Edward S. Devlin, E.S. Devlin & Associates
James Hammill, CBCP, JMH Consulting Inc.
Pat McAnally, SunGard Availability Services
Brian Turley, Strohl Systems
Belinda Wilson, Hewlett-Packard

INTERNATIONAL
CONTACTS
England: Thom Hetherington
Business Continuity
Phone: 0161-237-1007
thomh@tempus.demon.co.uk

Australia: Anthony J. Harvey
Journal of Business Continuity
Phone: 0011-613-953-0055-8
fax: 0011-613-953-0528
sector@notability.com.au

Japan: Shinji Hosotsubo
Quake Japan Co., Ltd.
Phone: 03-3215-2880
fax: 03-3215-2881

Brazil: Jose Carlos Ferreira
Disaster Recovery Mercosul
Phone: 55 11 3666-9506
conc2000@uol.com.br
www.drms.com.br

Click Here for a Printable Version

EXERCISING PLAN

Simulating Disaster Scenarios
A Missing Link In Crisis Management

By KEVIN C. DESOUZA

We live in uncertain times, where the only certainty is the occurrence of crises. Crises occur due to the complexity of the environments in which we operate. Technology-based crises are on a rise, and will continue to rise as technology immerses and becomes a fabric of our societies. The recent surge in viruses, network failures, data losses and leaks, sabotages to networks, and many other malicious acts are witness to the increasing need for organizations to prepare for technology-based disasters.
Much of the current disaster and crisis literature is slanted toward taking exuberant steps to prevent technology disasters and coming up with grand-scale contingency plans to deal with technology disasters if they do occur. While I acknowledge these are two important aspects of any disaster recovery program, we are missing an important piece in the middle – “immediate responses to disasters.”
This can be characterized as the time just after a disaster hits and before a contingency plan takes into effect. For example, if your servers were hit by a worm after office hours on Friday at 4:46 p.m., what do you do between 4:46 p.m. and the time you can move your databases to your disaster center? Do you have a protocol in place to execute? Do you know whom to contact? What happens if the primary contact is unavailable? Who has the decision-making authority? These questions trouble the most prepared organizations and the most informative of managers. If the crisis and/or information systems team have not practiced this task, chances are high that chaos and confusion will occur. This will reduce the potential impact the contingency plan will have on mitigating the crisis.
Successfully managing a technology disaster is contingent on one’s ability to put in place timely strategies to mitigate the effects of the disaster. In most cases, disasters strike an organization in places of surprise, and unless an organization is able to deal with the surprise in a swift and decisive manner the effect of the disaster increases exponentially.
A technique that can help managers better prepare for technology disasters is simulating scenarios. The use of scenario simulations is common in the defense arena, team sports, and aircraft pilot training. By simulating scenarios we afford individuals to get acquainted with distant realities and also provide them an avenue to test their reflexes and responses to the new environment. This is where the adage “practice makes perfect” comes into place.
Consider preparing for a football game. Unless each team ran through various scenarios and learned how to react to changes in an opponent’s strategy, they are likely to lose the game. Simulating various scenarios and working through them is critical to building any good organization. Scenario simulations are used widely by our defense departments to train soldiers on how to fight a wide assortment of battles under a variety of conditions. Even some disciplines, such as the training of aircraft pilots, are largely handled via simulations. After all, can we afford to put an untrained pilot in command of an aircraft?
Organizations need to be more cognizant in their preparation for technology disasters. The first step toward this is to realize the shortcomings of relying on contingency plans exclusively. Most organizations reduce crisis management to having a “contingency plan.” This plan is usually documented and consists of procedures and protocols that need to be executed should a crisis occur. These fall under what I consider “management by myths.”

Contingency Plans – Management By Myths
First, contingency plans might provide over-arching guidelines for dealing with foreseeable crises. Most crises, especially those in the technology sector that unleash maximum damage, are hidden and are never accounted for in crisis plans. A core concept of a crisis is the element of surprise.
For example, the airport baggage screeners had guidelines on how to deal with the suspected objects that looked like guns or bombs before 9/11. As we all know, the terrorists used box cutters. Now, baggage screeners are instructed to look for box cutters. What are the chances a terrorist will use the same device twice? Not likely. However, they could use a basic plastic explosive, not easy to detect. Will our baggage screeners be ready? Most will probably not be ready, due to the narrow “in-the-box” thinking that plagues many organizations.
A contingency plan is a prime example of “in-the-box” thinking. I had the opportunity to review the response plans for three Fortune 100 organizations, based in the Midwest. I found it surprising that all three looked 85 percent alike. Neither plan did enough to account for the peculiarities of the organization. Moreover, neither had been temporarily updated. The original carvings of the plans were designed in the late 1980s, and all three had only been slightly modified to reflect changes in the environment of the organization.
While the nature of the abnormalities the organization has to contend with may not change over time, the manner in how to respond to them does change. Consider the case of dealing with the press. Before, the Internet era, news reports on crises were delayed in reaching audiences. Today, news is delivered in real time. This can be a good or bad thing, depending on how prepared an organization is in dealing with crises. A prepared organization can use the news media efficiently and effectively to mitigate the impact of the crisis and also communicate effectively with the stakeholders. On the other hand, an unprepared organization can open itself up for legal troubles, bad mouthing in the marketplace, and loss of reputation.
The second problem with existing contingency plans is they are not ready to “meet the enemy.” This military term is used when all operations plans seem perfect ... until the moment you actually meet the enemy. Plans like this do not account for all the chaos and havoc of real events.
Most organizations, for instance, have traditional fire extinguishers located near computing equipment. If a fire were to occur, using the fire extinguisher on your PC would kill the computer. If a crisis scenario were executed, the organization would know they must replace the traditional extinguishers, which use a corrosive acid to contain fires, with a more apt fire extinguisher. On top of that, many individuals in the organization may not know how to use the new device. Expecting them to use it effectively during times of stress is absurd. Prepare to “meet the enemy” and force your exercise participants to do the same when you write scenarios.
The third problem with contingency plans is they do not do enough to assign roles and responsibilities. Most contingency plans are generic; they seldom address peculiarities of each organization. For instance, you may have a line in the chapter on communications stating, “Please contact your communication specialist for updates on the crises.” Now, pick 20 employees and ask them who is the communication specialist – you will probably end up with 10 different answers. Imagine the situation if during an aircraft emergency the passengers did not know who constituted the airline crew. This is not a rare occurrence in times of organizational crises.

Simulating Disaster Scenarios
Organizations must do more to imagine disasters and work through them in scenarios. Working with scenarios is critical toward operationalizing the plans and seeing how they hold up during times of duress and stress. Scenarios can be handled through multiple means. They can be physical or live demonstrations; they can be simulated using computer technologies, and can also be enacted. Regardless of how a scenario is executed it must meet two goals.
First, scenarios should help reduce the impact of the shock. Shock is the stage immediately following the impact of the crises. It is during the stage of shock where organizations make errors in responding to a crisis. Moreover, the longer the organization is paralyzed after the impact the greater the chance the crisis has of escalating.
Consider a simple example. You are driving while it is snowing; the snow turns into sleet, resulting in a slippery road. If you are not used to driving in such conditions, chances are you will not be able to control your vehicle if it begins to skid. As we all know, controlling your vehicle during the initial stages of a skid is critical to preventing a casualty. To the untrained driver an initial skid could cause a sudden rush of fear and anxiety, resulting in an incapacity to manage the steering. This is due to the shock of the impact. To a trained driver, a set of usual responses will be executed in order to bring the vehicle under control or to a safe stop.
Second, scenarios should help an individual and organization calibrate effective and efficient actions after the state of shock. Many times after the initial shock is over, organizations (and individuals) conduct haphazard actions that lead to a worsened situation. Many of these actions will come back to haunt the organization. Reactionary actions are never wise, unless one has had ample time and opportunity to run through plausible consequences that might be caused due to the actions.

Components Of A Good Scenario
Scenario planning has been used by businesses to help deal with strategic issues such as product pricing, marketing campaigns, and human resource incentive packages. However, their use of crisis management and management of technology disasters is weak at best. Many complain that scenarios are too expensive to run, the drills disrupt work practices, and scenarios can instill unneeded fear in employees. However, scenarios are the best bet for preparing people to deal with a crisis.
Regardless of the nature and scope, scenarios must be realistic. They must give the sense of reality to the item of interest. The scenario must challenge assumptions. Errors made during a scenario exercise should be looked at as avenues for learning.
A good scenario for simulating disasters must address five components:

Roles and responsibilities: Who is responsible for what? Who is the backup for a given task or an activity?
Communication protocols: How is the organization going to communicate and with whom? Who is responsible for communicating? What communication protocols will be used? Managing external communications is equally important. The organization should have one front and face for the press and external stakeholders.
Protection issues: How do we protect the assets affected by the disaster and mitigate further loss?
Damage assessment: How do we know what and who have been affected. Timely damage assessment is critical in reducing the impact of the initial shock and for calibrating immediate actions.
Conducting operations without all resources: Unless an organization has conducted an exercise in running without all resources, the chance of surviving during a crisis is low.

Conclusion
One cannot wait for a crisis to hit and then postulate over what to do. We must know how to act in times of stress and crises. Knowing this comes from prior enactments, experiences, and scenarios.

Kevin C. Desouza is president and co-founder of The Engaged Enterprise. Desouza has authored “Managing Knowledge with Artificial Intelligence,” (Quorum Books, 2002) and has recently co-authored “Managing Information in a Complex World” with T. Hensgen (M.E.Sharpe, 2004). In addition, Desouza has authored more than 100 articles for a number of management practitioner and academic journals. He can be reached at desouza@engagedenterprise.com.