May 17, 2012

Disaster Preparedness Teams Directed to The Blog@HomelandSecurity

It was recently brought to the attention of our staff that some of our readers may not be aware of yet another FEMA resource, one that keeps everyone current on the steps the agency is taking to help safeguard our nation against disruptive events and that allows reader input for additional postings. We are referring to FEMA’s new Blog website.

As we already know, and as stated on FEMA’s government websites, “FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.”

The purpose of this website, which strives to meet that FEMA objective, is stated on the blog as: “The website provides an inside-out view of what we do every day at the U.S. Department of Homeland Security. The Blog lets us talk about how we secure our nation, strengthen our programs, and unite the Department behind our common mission and principles. It also lets us hear from you.”

CLICK HERE to visit this FEMA blog website.

Please add this resource to the libraries of your business continuity, PS-Prep, crisis management, first responders, cyber security, disaster preparedness and risk management team members in your organization.

NIST Offers Information to Assist Evacuation Preparedness for High-Rise Buildings

Recognizing that disaster preparedness and disaster recovery planning play important roles in business continuity and risk management planning, our staff would like to make you aware of a recent National Institute of Standards and Technology (NIST) posting on the Homeland Security Newswire web site.

For those readers of this website who work in organizations that are resident in high-rise building locations, we especially would like to bring your attention to this posting – because the information it offers will provide valuable input to the planning by those organizations for emergency response and crisis management direction regarding evacuation from high-rise buildings.

If your organization is located in a high-rise building and you would like to have your risk management and disaster recovery teams receive this information — please pass this information along to those disaster preparedness and disaster recovery planning team members.

Click here to read the full article and follow the related links to receive this information.

FEMA and DHS Stress Importance of Preparedness and Working Together

In the press release listed below, the importance of public preparedness, planning for the entire community, and working together as a team to respond to and recover from emergencies was stressed by FEMA Deputy Administrator Rich Serino and DHS Assistant Secretary for Health Affairs Dr. Alexander Garza.

As stated by Dr. Garza, “At FEMA, we know that only by engaging every member of our team, from the entire federal family, to state and local officials, to the faith based and non-profit communities and especially the public, can we successfully respond to and recover from disasters.”

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Our staff believes that this effort for partnership in public preparedness fits well into the PS-Prep message of preparedness voiced many times on this website.

If applicable, please pass this press release information along to those business continuity, crisis management, emergency response and disaster recovery team members in your organization.

You can read the entire press release below:

October 13, 2010

No: HQ-10-199

Contact: FEMA News Desk 202-646-3272

News Release  

FEMA DEPUTY ADMINISTRATOR RICH SERINO AND DHS ASSISTANT SECRETARY FOR HEALTH AFFAIRS DR. ALEXANDER GARZA ADDRESS THE NATIONAL ASSOCIATION OF STATE EMS OFFICIALS ABOUT PREPAREDNESS, IMPORTANCE OF WORKING AS A TEAM  

WASHINGTON – Today, the Federal Emergency Management Agency (FEMA) Deputy Administrator Rich Serino and the Department of Homeland Security (DHS) Assistant Secretary for Health Affairs and Chief Medical Officer Dr. Alexander Garza each addressed the 2010 Annual Meeting of the National Association of State EMS Officials (NASEMSO).  Deputy Administrator Serino spoke about the importance of public preparedness, planning for the entire community, and working together as a team to respond to and recover from emergencies.  Assistant Secretary Garza discussed how the Office of Health Affairs interfaces with EMS officials as part of their efforts to protect the American people from threat of terrorism and disasters.  

“FEMA is not the team, FEMA is only part of the team, and today provided me with a great opportunity to talk with a crucial member of our national emergency management team – state EMS officials,” said Deputy Administrator Serino.  “At FEMA, we know that only by engaging every member of our team, from the entire federal family, to state and local officials, to the faith based and non-profit communities and especially the public, can we successfully respond to and recover from disasters.  Every day, these state EMS officials are doing great work to keep their communities safe, and today was a chance to not only address them about what FEMA is doing, but also to hear from them about ways we can better support their critical efforts.”  

Dr. Garza also emphasized how DHS regards homeland security as a shared responsibility with partners at the state and local level.  “Resilient communities are a key element of homeland security,” Dr. Garza said, addressing the gathering.  “These important relationships with EMS officials are central to our efforts to build resilient communities, and we will continue to expand our coordination where possible.”  

Both Deputy Administrator Serino and Assistant Secretary Garza have extensive experience in emergency medical services.  Serino has more than 35 years’ experience in local emergency services – starting as a volunteer on the Boston ambulance squad and retiring last fall as Chief of Department of Boston EMS and Assistant Director of the Boston Public Health Commission.  Garza began his career as an EMT in 1986, and served as a paramedic in Kansas City, Mo., before attending medical school.

Today’s presentations are just the latest way in which DHS, including FEMA, is reaching out to all levels of government, non-profits, the faith based community, and especially the public to expand the definition of who is a part of the national emergency response team.  During their presentations, both Serino and Garza stressed the important role that the public plays in emergency preparedness and response.  To learn more, visit http://www.ready.gov/  

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

FEMA Releases New Emergency Preparedness Planning Tabletop Exercises

Our staff recently came upon a new FEMA offering that will present a series of Tabletop Exercise presentations developed by FEMA’s Private Sector Division and advised by FEMA’s National Exercise Division.  These exercises are structured on the Tabletop Exercise Design curriculum developed by FEMA’s Emergency Management Institute, as well as other FEMA/DHS training reference materials. 

No announcement has been made regarding how many of these exercises will be made available as tools to enhance and advance an organization’s readiness levels regarding continuity, preparedness and/or resiliency. However, we are impressed with the release of FEMA’s first two exercises, which address the scenarios of (a) a major Hurricane and (b) the potentially disastrous event of a rail related Chemical Accident.

Each exercise takes your crisis management or emergency response team through a very realistic scenario and also facilitates a discussion to help your organization’s planning, responding and recovering efforts to these first two scenarios.

Even if your organization has already instituted such tabletop exercises, we believe that your disaster preparedness and recovery teams will find these emergency planning exercise offerings from FEMA a great benchmarking experience.

And, we almost forgot to mention the best part – these exercises are free for your download and use….

To download and view these FEMA Tabletop Exercise Presentations  — CLICK HERE.

Please pass this information along to those risk management, information security and emergency response team members in your organization who not only address network security threats or computer data security issues, but are also charged with developing effective risk management tools to meet compliance and mitigate operational risks for their organizations.

Cyber Security: Internet Protocol version 6 (IPv6)

With so much attention given to the topic of cybersecurity, it is no wonder that our staff paid particular attention to the presentations, papers, and demonstrations at the recently held Black Hat-DefCon Conference from July 30th to August 1st, 2010. A particular case in point was the presentation and discussion by Sam Browne about the topic of IPv6, the Internet Protocol version 6.

Our staff believes that this presentation should make all of us even more uneasy about the current state of cybersecurity – hopefully enough to spur more of us into action so as to better address both the current and ongoing vulnerabilities related to cybersecurity.

For those of us who are not as familiar with the topic of IPv6, perhaps a little background may be in order….

The transition to IPv6 is necessary to deal with the growing exhaustion of IPv4 addresses. The older protocol, which is based on a 32-bit addressing system, yields about four billion unique numbers, fewer than the seven billion humans who populate the planet. At the current usage rate, the allocation of free addresses could be used up by June of next year, according to some estimates. IPv6, by contrast, is a 128-bit scheme that allows for over 3.4×10^38 addresses, which ought to keep the world going for quite some time.

Given that explanation of why it is necessary to move to IPv6, you would expect more people to be all over this topic, especially since Mr. Browne’s presentation offers some scary thoughts to consider and some “what-if” scenarios of risk mitigation that IT security and information security specialists might want to have on their “to-do” lists sooner rather than later.

Click here to read a recent posting on this topic by the Homeland Security News Wire website, and be sure to view the link to the slides presented by Mr. Browne in his presentation.

We would like to thank the Homeland Security News Wire for bringing our attention to this cyber security topic of interest to organizations both large and small.

And please pass this information along to those information security management, risk assessment, risk analysis, enterprise risk management, and business impact analysis team members in your organization.  Also, if your organization is working on its private sector preparedness and readiness level, perhaps those PS-Prep team members should also include this topic in their reading libraries and potential future agenda listings.

Lieberman & Thompson Urge PS-Prep Is a Necessity, Not a Luxury

With so much in the news surrounding British Petroleum (BP)’s difficulties and inability, for nearly thirty (30) days now, to cap its gushing oil well nearly a mile below sea level, a strong message about the need for more preparedness or readiness (or perhaps about the lack of it) is being raised across the U.S. We believe that this growing level of awareness can and should again focus more attention on PS-Prep, the voluntary program to help private sector companies develop preparedness, resiliency, response, recovery, and business continuity plans.

On Thursday June 3, Senate Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, ID-Conn., and House Homeland Security Committee Chairman Bennie Thompson, D-Miss., co-wrote a letter to DHS Secretary Janet Napolitano noting that the PS-Prep program still has not been launched – even though that was a requirement coming from legislation passed by Congress almost three years ago.

The essence of the letter was that Lieberman and Thompson both urged the Department of Homeland Security to step up its implementation of PS-Prep.

Another strong message in the letter stressed that “private sector preparedness is a necessity not a luxury,” given that the private sector owns nearly eighty-five percent (85%) of critical infrastructure in the U.S.

To read more about the message that Lieberman and Thompson sent to DHS’s Napolitano, we offer the full content of the letter reproduced below –

June 3, 2010

The Honorable Janet Napolitano
Secretary
Department of Homeland Security
Washington, DC 20528

Dear Secretary Napolitano:

We are writing to urge you to accelerate the Department of Homeland Security’s (DHS) launch of the voluntary private sector preparedness accreditation and certification program, commonly referred to as PS-Prep, required by Section 901 of the Implementing Recommendations of the 9/11 Commission Act of 2007, P.L. 110-53 (hereon referred to as “the Act”).

The Act, which was signed into law nearly three years ago, required DHS to adopt one or more preparedness standards for the program and to implement the program not later than 210 days after enactment. Unfortunately, the previous Administration missed the statutory deadline for implementation and failed to widely promote the program. To date, the program still has neither been implemented, nor promoted, as required by the law.

The Executive Branch’s failure to implement the program is regrettable. Given that the private sector controls 85 percent of the critical infrastructure in the nation, private sector preparedness is a necessity, not a luxury. The National Commission on Terrorist Attacks Upon the United States (the 9/11 Commission) found that the private sector remains largely unprepared for disasters, and the recent devastating oil spill in the Gulf of Mexico serves as a painful reminder of why preparedness is so important.

To address these preparedness vulnerabilities, Congress required DHS to establish the PS-Prep program to replace ad hoc and isolated preparedness measures with appropriate voluntary standards implemented through a structured approach. The program will also raise the visibility of the importance of private sector preparedness and provide a roadmap to preparedness, benefitting businesses that choose to participate and making America safer.

We appreciate that under your leadership DHS has published draft standards for public comment and engaged in 10 public information sessions. However, we remain concerned that the timeline for adopting final standards for PS-Prep continues to recede. This past winter, DHS officials told staff from both Committees that they intended to adopt final standards this spring, but DHS recently informed us that it would miss this deadline. Current expectations for implementation appear to be set for this autumn. Needless to say, every additional delay in implementation further violates the Act and means less security for our country.

While DHS has moved forward with the rulemaking process, we note that DHS leadership has not embarked on a campaign to fully engage the private sector in this voluntary program. The success of PS-Prep will depend upon the active participation of the business community.

The impact of future disasters on vulnerable cities and towns across the country would be significantly mitigated if businesses were armed with preparedness and recovery programs. Proper preparation leads to resilience and recovery. PS-Prep would serve as a helpful tool in preparing the private sector for all types of disasters. This valuable program should be quickly implemented.

We implore you to act promptly to implement this program and vigorously promote it within the private sector. We ask that, within the next 15 days, DHS provide a timeline for adopting standards for the program. Additionally, please provide your plan to conduct a campaign to promote the program, as well as a plan to implement the Act’s requirements for separate classifications and methods of certification for small business concerns. We look forward to continuing to partner with you on this important program. Thank you for your attention to this important issue.

Sincerely,

JOSEPH I. LIEBERMAN
Senate Committee on Homeland Security & Governmental Affairs

BENNIE G. THOMPSON
House Committee on Homeland Security

cc: The Honorable Craig Fugate, Administrator, Federal Emergency Management Agency

Please pass this important development along to the business continuity and risk management team members in your organization, and share your comments with our BC community of readers.

Contingency Plan and Crisis Management Efforts by BP under Fire from DHS

As we have mentioned before in postings on this website, there are many lessons to be learned from this unfortunate oil spill in the Gulf of Mexico. 

It is important for our readers and your organizational crisis management team members to find meaningful lessons from this tragic incident, and to observe both the strengths and weaknesses in the emergency response plan now being implemented by BP. Your organization does not have to be part of the oil industry in order to find those meaningful lessons, nor is the learning process limited to environmental compliance issues.

In this posting, we would like to focus on what we believe to be one of those lessons to be learned: be aware of the potential outcomes of writing a less than complete or realistic crisis management and emergency response plan for your organization, and widen the scope of your considerations to cover company-specific and relevant risk events that will affect both the business continuity plans for your organization and the community and environment surrounding that organization.

To that point, we would like to direct your attention to a recent article in USA Today, where Rick Jervis wrote that the 582-page document submitted by British Petroleum (BP), titled “Regional Oil Spill Response Plan — Gulf of Mexico,” was approved in July by the federal Minerals Management Service (MMS). The report offers technical details on how to use chemical dispersants and provides instructions on what to say to the news media, but it does not mention how to react if a deep-water well spews oil uncontrollably. Read Richard Jervis’s article in full, and remember to utilize some of the useful links in that article leading you to more timely information on this event.

Additionally, this emergency response plan prepared by BP mentions almost none of the techniques recently attempted by BP to contain the spewing well.

A statement that seems to sum up the lack of readiness in BP’s emergency response plan comes from Representative Nick Rahall (D-West Virginia), chairman of the House Natural Resources Committee, which is investigating federal oversight of oil spills. He said, “These oil spill response plans suffer from what I would consider a ‘failure of imagination.’ It seems to me that there should be a Plan B, C and D in place before the accident occurs, not created in haste while millions of gallons of oil are spewing into the Gulf.”

Another aspect of BP’s plan that we would never want to be part of any of our readers’ organizational risk management plans is the simple “cut and paste” methodology that leads to a “boilerplate” approach to writing such plans. Clearly there is risk in this approach. While there are some applications where similarities are close enough that repeating certain language does make sense, it is easy to become complacent with this “cut and paste” approach to the point of missing critical issues and response methodologies necessary to mitigate unforeseen events. BP’s emergency response plan seems to be a strong example of taking that risk.

Rick Steiner, a former University of Alaska marine scientist and an oil spill response consultant who has reviewed the plan, observes a similar “boilerplate” pattern in BP’s plan, where Mr. Steiner states, “Parts of the document read like boilerplate used by BP from region to region and underscores the energy company’s inability to adequately prepare for a major spill in deep water …”

To further prove his point, in a recent posting on the Homeland Security Newswire website, Mr. Steiner points out that in a section titled “Sensitive Biological & Human-Use Resources,” the plan lists “seals, sea otters and walruses” as animals that could be impacted by a Gulf of Mexico spill, even though no such animals live in the Gulf.  Read more ….

In further response to BP’s disaster recovery and control efforts, the White House has already signaled that an end is needed to the “cozy relationship” that federal regulatory agencies have seemingly created with BP. Perhaps this is another important lesson to be learned here as well: you never want your organization to be in a situation where such negative attention is paid to your company.  Read more….

Please pass this posting along to your enterprise risk management team members.

International Disaster Preparation and Prevention Guide Provided by ASIS

In response to some of our readers’ inquiries, and to offer assistance to the managers and members of business continuity and disaster preparation and prevention teams, we suggest that you become familiar with a disaster recovery preparation and planning guide that was released several years ago by the security specialists’ organization called ASIS. Even if you have to update some of its materials to a 2010 level, this guide is full of valuable BC, DR and security related information.

The guidelines, self-assessment questionnaires and general security and disaster recovery directed information can also be a great addition to an organization’s business continuity plan as well as a valuable reference resource for that organization’s BC and DR related reading library.

Some of the related information in this guide has been edited from materials provided by the American Red Cross and the Department of Homeland Security. 

As stated in this guide, “With a little planning and a lot of common sense, we can all be better prepared to face the unknown.”

International Center for Enterprise Preparedness Offers PS-Prep Working Group Report Drafts

This website receives many inquiries asking for more information regarding the ongoing developments in the Department of Homeland Security’s PS-Prep program. And we would like to respond to that request.   

To that point, one of the resources that we have overlooked in the past, and would like to make available to our business continuity, crisis and risk management team members and readership is the International Center for Enterprise Preparedness (InterCEP).

InterCEP is the world’s first major academic center (New York University) dedicated to private sector crisis management and business continuity.

At InterCEP, businesses and other private sector organizations set the initial mission of the Center and remain engaged on an ongoing basis in its evolution. The U.S. Department of Homeland Security (DHS) provided the core funding for this initiative to create a truly international resource for education and research in this vital area.

Post September 11th, businesses and other private sector organizations have increasingly acknowledged the need for organization-wide emergency management and business continuity programs. In the United States alone, this need has been validated well beyond the terrorist threat by recent events including devastating hurricanes in America’s southeast, the blackout of the Northeast, tornadoes throughout the Midwest and wildfires in the Southwest. Corporate preparedness can mitigate the impact of emergencies on both people and property. 

All of these potential and real disasters support the need for an “all hazards” approach to emergency management and business continuity. Clearly, corporate preparedness can mitigate the impact of emergencies on both people and property, and, ultimately, preparedness, or the lack of it, can determine the ongoing viability of a firm.

Building on and incorporating InterCEP’s ongoing research on the business case for both resilience and enterprise risk management, five Working Groups of stakeholders were convened to each focus on a particular area of business benefit that could potentially be enhanced by the PS-Prep Certification Program.

The purpose of the proceedings conducted by these Working Groups was to inform stakeholders in general and, in particular, the parties in the U.S. Department of Homeland Security (DHS) and the designated accreditation body, ANAB, who have responsibilities for the design, development and implementation of the PS-Prep Program.

At this point in time, both DHS and ANAB have participated as observers in these Working Groups so that the insights from the Working Groups could inform actions on an ongoing basis.

The Working Groups focused their efforts on the following areas: Supply Chain Resilience, Legal Liability Mitigation, rationalized Business Reporting of Preparedness, Insurance acknowledgement and Rating Agency acknowledgement.

CLICK HERE to read the full report and findings from the Working Group for Supply Chain Resilience. 

CLICK HERE to read the full report and findings from the Working Group for Legal Liability Mitigation and Resilience.

CLICK HERE to read the full report and findings from the Working Group for rationalized Business Reporting of Preparedness and Resilience. 

CLICK HERE to read the full report and findings from the Working Group on Corporate Ratings and Resilience.

CLICK HERE to read the full report and findings from the Working Group on Insurance and Resilience.

We recommend that both the InterCEP website and whichever of these reports you find most applicable to your business and organizational goals be added to your list of educational resources on the topic of PS-Prep.

Please direct any comments regarding these reports to http://www.nyu.edu/intercep/about/

Preparedness and Situational Awareness New Culture of Corporate Security Plans

In a recent article written by Leischen Stelter and posted on the Security Director News website, a strong case was made that detecting terrorism activity is everyone’s responsibility. This is a message that our business continuity and preparedness teams need to stress and convey within the business continuity plans of their organizations; more importantly, they need to train employees and associates on how to look for and recognize suspicious persons and behaviors.

In this article, Larry Barrett, member of the DHS Office of Bombing Prevention, estimated that “…85% of the U.S. nation’s critical infrastructure is controlled by private corporations.”

Much of the message of this article also comes from the information provided in a recent workshop titled “The Private Sector Counterterrorism Awareness”, sponsored by the Department of Homeland Security (DHS) and hosted by the Maine Emergency Management Agency (MEMA).

Since it has been found that most private companies do not include the potential for terrorist attacks, secondary hazards, and entrapment devices in their business continuity and security risk management plans, we recommend reading this article to better understand if and how your organization must consider these risks before completing its plans.

CLICK HERE to read this article.