cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Let’s not forget about emergency preparedness

Level 11

Tomorrow is the first day of the Caribbean hurricane season, and that means: named storms, power outages and the need for IT emergency preparedness. And now is a great time to make sure your disaster toolbox is well stocked, before a major calamity strikes. And as a federal IT manager, you always have to be prepared for the unnatural disaster, such as a cyber-attack.

The scary thing is that even the idea of creating a disaster recovery plan has been put on the backburner at many government agencies. In fact, according to a federal IT survey we conducted last year, over 20 percent of respondents said they did not have a disaster preparedness and response plan in place.

We suggest that you make sure you have a plan in place, and follow these best practices:

Continuously monitor the network. Here’s a phrase to remember: “collect once, report to many.” This means installing software that automatically and continuously monitors IT operations and security domains, making it easier for federal IT managers to pinpoint – or even proactively prevent – problems related to network outages and system downtime.

Continuous monitoring can give IT professionals the information needed to detect abnormal behavior much faster than manual processes. This can help federal managers react to these challenges quickly and reduce the potential for extended downtime.

Monitor devices, not just the infrastructure. You need to keep track of all of the devices that impact your network, including desktops, laptops, smartphones and tablets.

For this, consider implementing tools that can track individual devices. First, devise a whitelist of devices acceptable for network access. Then, set up automated alerts that notify you of non-whitelisted devices tapping into the network or any unusual activity. Most of the time, these alerts can be tied directly to specific users. This tactic can be especially helpful in preventing those non-weather-related threats I referred to earlier.

Plan for remote network management. There’s never an opportune time for a disaster, but some occasions are just, well, disastrous. For example, when a hurricane knocks out electricity in your data center and you’re stuck at home thinking, “Yeah, right.” In such cases, you’ll want to make sure you have software that allows you to remotely manage and fix anything that might adversely impact your network.

Remote management technology typically falls into two categories: in-band and out-of-band remote management. Both get the job done for their particular circumstances. And, there are some instances where remote management is insufficient. It’s perfectly adequate when your site loses power, or your network goes offline, but in the face of a major catastrophe – massive floods, for example – you’ll need onsite management. In many cases, however, remote management tools will be more than enough to get you through some rough spots without you having to get to the office.

Each of these best practices, and the technologies associated with them, are like backup generators. You may never need to use them, but when and if you do, you’ll be glad you have them at your disposal.

Find the full article on Government Computer News.

21 Comments
Level 17

DR Site is a must for us, along with the out of band setup for the remote access in a pinch or late night. Our facilities teams cover the generator and power fail over testing for us on a scheduled basis. Ensuring that even in the worst of times, or when someone is in the middle of treatment that they will have power to Fn.

Level 12

you always have to be prepared for the unnatural disaster, such as a cyber-attack.

First time I read that I saw cyborg-attack instead of cyber-attack.

Onto the topic at hand. I find it hard to believe so many places out there still do not have at least a basic DR plan in place.

Level 14

Practice, review and enhance the DR plan....

Mr. Murphy has a strange way of showing up at the LEAST opportune time...

MVP
MVP

Actually it is the Atlantic Hurricane season (June 1 - November 30). 

We've already had 2 named storms this year before the season officially began.

But yes, a DR site these days and it must be in a different geographic location.

Level 14

Oddly enough, we are a DR site.  We do the engineering for the other sites.  If we dump, we just rebuild.

Level 14

And having a alternate emergency site and offsite backups is a good idea too.  Not to mention at least a suite of equipment to work from while a possible rebuild is occurring.

Have a plan for isolation of sites/segments/data centers in the event of infection.  Imagine the impact of isolating a site when ransomware is discovered there.  Now imagine the impact of NOT isolating that site from the rest of your organization.  The complaints of the site being down will be nothing compared to what's heard when your servers are compromised.

Level 12

I work in a hospital and took the infection isolation part completely in the opposite direction lol. My mind started going oh crap, I wonder if pizzahut will deliver to a DR Center wearing a Haz-Mat suit?!?!

MVP
MVP

Ah...but if the pizza isn't also appropriately contained the point is moot.  By the point it is decontaminated it would be cold and mushy...

Level 12

Hmmm that is a good point. I doubt those insulated bags are bio-hazard rated

Level 20

Hurricane season is coming again now!

MVP
MVP

yep...just finished with our 3rd named storm of the year for the Atlantic season..

The climate expectations aren't matching the weather performance up here in northern Minnesota anymore.  It'll be in the 30's tonight, and in the 90's by the end of the week.

That kind of variation generates a lot of thunderstorms that are broken up by blue skies with sunshine, over and over.  Sunday I watched it happen five times in the afternoon--big boomers announcing the approaching cells, heavy rain, clear skies and sun shine.

Lather, Rinse, Repeat.  Ad infinitum.

Level 12

We are getting the same stuff over here in Northeast Wisconsin right now. Yesterday I drove home in the sun and blue sky while it was still raining. My head had a hard time with that one.

Disaster Recovery & Business Continuity... now you're talking a CBCP's language. "The sky is falling! The sky is falling!" 

Oh.. and one last point to add to this blog. test! Test! TEST!!!

I cannot count how many times we at my company "assumed" something was going to work when we either: fired it up, brought it online, failed over to it, etc... and it fails, miserably! Test you "Dial Home" features. Test your OOB connections. Test your remote access. Test alert for facilities equipment and environmental sensors. Test your backups! TEST TEST TEST!!!

MVP
MVP

test the pizza delivery to your remote site so you have disaster food available.

Don't forget a local source of good, strong, coffee!

MVP
MVP

Yes...the kind that stands up in your mug and slaps you.

Level 20

Maybe some of this strongest coffee in the world they claim o.O!

dw_1lb-ground_2048x2048.png

MVP
MVP

This is so true. I've seen it countless times where DR stuff has been installed but when push comes to shove, it doesn't work. So pointless then really.