Spring World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 27, Issue 4

Full Contents Now Available!

Telecontingency Planning What's Your Excuse Now?

Are we in the Decade of Disasters? For the past several years the Disaster Recovery Journal has described dozens of disasters. It has also offered plenty of excellent advice to disaster recovery planners.

Precedents for establishing a business continuity plan are everywhere. So why are so many companies still without comprehensive contingency plans? What’s it going to take to convince you?

Perhaps your organization has suffered minimal business disruption over the years. That’s very fortunate. Perhaps your offices are not in the “big city” where terrorist bombings are more likely to occur. Maybe your offices are in a lush, well landscaped campus. What could ever happen in that pristine setting?

Well, folks, disasters are occurring all around you. Your data centers, telecommunications operations, and local area networks are all at risk. Regardless of your location.

Here in the states, the most spectacular event in recent months was the bombing of the World Trade Center. But the United Kingdom deals with IRA bomb threats daily. Traveling on the London Underground (subway), one constantly is reminded of the concern for security, e.g., signs, closed circuit TV, police. Any unclaimed package is immediately treated as suspicious.

Virtually within the span of a year, London’s financial district sustained two very powerful bombs that caused several deaths, hundreds of injuries, and billions of dollars in damage. The most recent was April 24th in an area known as Bishopsgate. Last April a very large device — the largest since World War II — was detonated in an area called St. Mary Axe. Despite extensive building damage and human injuries, the British telecommunications infrastructure sustained minimal damage. Both British Telecom and Mercury Communications, the two major exchange carriers in the U.K., were able to deploy their forces into the bombed areas rapidly to help businesses recover. These two bombs are just the larger ones of note. Smaller devices are regularly detonated each month.

The U.S. joined the terrorist bombing major leagues on Friday, February 26, 1993. Despite the fact that this event is now “old news”, it is still a grim reminder of the need for contingency plans for information systems, and “telecontingency” plans for communications systems.

Most of you know the story. The bomb exploded in a small van in a WTC parking garage about two levels below the street. The blast ripped open a hole about 200 feet long and about 20 feet wide.

Infrastructure components, e.g., electrical wires, communications lines, and other items were destroyed. Primary and backup power systems were destroyed. All emergency lighting was killed, as were ventilation systems. Sprinklers were disabled. Elevators were inoperative. Limited communications service was available to the complex. No public address facilities were working. The PATH underground train station concourse was seriously damaged by falling debris.

The World Trade Center blast was indeed a major disaster. For the past several years the U.S. has had relatively few terrorist acts, compared to other countries. Unfortunately, that lack of activity often creates a false sense of security. This is one time where the severity of the event surpassed even the most carefully developed scenarios.

What are some of the lessons learned from this event, and the ones in London? The first question: How serious a disaster can your plan address? Clearly, the disaster plans of the Port Authority of New York and New Jersey, the organization that runs the World Trade Center, were exceeded by a wide margin.

With that issue in mind, here’s a classic example of hindsight. About six years ago, a task force warned the Port Authority of the potential damage to the World Trade Center from a terrorist bomb. The task force included Port Authority police and civilian engineers. The final report was reviewed by an independent engineering consultant. The outside engineer concurred with the report’s recommendations, which included the following:

1. Eliminate public parking from the WTC garage, which would prevent terrorists from placing a bomb in an appropriate location;
2. Increase the distance between the building’s main and backup electrical systems so that a single blast would not destroy both systems;
3. Increase the distance between the police station and the emergency command center; and
4. Install battery-powered emergency lighting in stairwells.

Despite efforts by the Port Authority to increase security in the towers, the February event was a case of “too little, too late.” The bomb was placed in an area that would maximize damage to the building’s safety and utility systems. Fortunately, the overall structural integrity of the complex was not destroyed by the blast.

Hundreds of companies had to relocate their offices elsewhere in the city. New York Telephone and its local access competitors, which include Teleport and MFS Communications, were able to quickly reroute communications access lines to recovery areas and rented office space for the displaced WTC tenants.

Emergency recovery facilities were placed into service and performed smoothly. Ever since the city developed contingency plans in partnership with communications service providers, the confidence level of New York businesses has steadily increased.

The WTC disaster was a major test of this new spirit of cooperation, and it worked superbly.

But we are still pressed with tough questions. Could the disaster have been prevented? Could the bomb’s impact have been reduced? The bottom line in all this is that business executives can no longer avoid “telecontingency planning”. Just consider the events in London and New York.

What are some steps you can take right now? The following list provides a summary. First, let’s assume you have a telecontingency plan in place.

1. What kind of events do your telecontingency plans address? Consider revising them to focus more on “serious” events, rather than “moderate” ones.
2. Schedule a 15-minute meeting with key members of telecommunications, local area network and EDP/MIS management. Ask the following four questions:
Where are our contingency plans for telecom/LAN/EDP right now?
When did we last test them?
When were they last updated?
What’s the worst disaster scenario we could survive right now?
3. Conduct “mini impact analyses” among senior executives. Set 15-minute meetings with key executives and ask them the following questions:
If we had a serious business disruption, what’s the single most important business activity in your area that we would need to recover?
How long could we go without it, assuming a worst-case situation?
What would it mean to the firm if we could not recover that activity in a suitable time frame?
What does the company stand to lose if that particular activity is disrupted for an extended period of time?

The U.S. joined the terrorist bombing major leagues on Friday, February 26, 1993. Despite the fact that this event is now “old news”, it is still a grim reminder of the need for contingency plans for information systems, and “telecontingency” plans for communications systems.

4. If you work with a hot site firm or similar disaster recovery organization, ask them what provisions they have to deal with telecom systems and LANs.
5. Contact your telecom and LAN suppliers and ask them what current and planned service options they have for dealing with severe service disruptions.
6. What arrangements have you made for emergency relocation of employees, with particular focus on communications tools they will need at the alternate site?
7. When was the last time a telecom and/or LAN audit was conducted? Schedule one to begin within the next 30 days.
8. Schedule time to update your plan, particularly with the information you gained from the above analysis.
Now, the same process for those of you without a contingency plan for telecommunications and LANs.
1. Schedule a 15-minute meeting with key members of EDP/MIS management. Ask the following five questions:
Where are our EDP contingency plans right now?
When did we last test them?
When were they last updated?
Based on the existing plan, what kind of risk to telecommunications and LANs are we currently facing?
What’s the worst disaster scenario we could survive right now?
2. Conduct similar “mini impact analyses” among senior executives, using essentially the same questions. Make sure you focus on the loss of telecom and/or LAN resources.
3. If the firm uses a hot site firm or similar disaster recovery organization, ask them what provisions they have to deal with telecom/LAN assets.
4. Contact telecom/LAN suppliers and ask them what current and planned service options they have for dealing with severe service disruptions.
5. Schedule a telecom/LAN audit to begin within the next 30 days.
6. Investigate software packages that will help develop a plan quickly.
7. Schedule time to develop a base plan, which emphasizes prevention and rapid recovery of network facilities and telecom/LAN systems.
8. No more excuses. Don’t waste any more time. Schedule time to finalize a comprehensive plan.

The steps outlined above will not require a major investment. They will require your time, which is a precious commodity. But think of the process as an insurance policy for your business. Your company doesn’t hesitate to buy liability insurance and property insurance. So why not also establish network protection insurance?
Telecontingency planning is the new term you can use to describe the processes described in this article. The time for telecontingency planning is NOW — before it is too late. As we said earlier — No more excuses.


Paul F. Kirvan is vice president of The Kingswell Partnership, Inc., an international consulting firm that focuses on global business continuity planning.

This article adapted from Vol. 6 #3.

Add comment


Security code
Refresh