As the PS-Prep topic was presented in an earlier posted article “PS-Prep Overview” on this website, it was quite evident that a lot of effort was spent by the U. S. Government’s department of Homeland Security (DHS) Federal Emergency Management Agency (FEMA) to promote the PS-Prep Program. It was also important to note the importance, indeed critical necessity, of the private sector’s role in creating an acceptable readiness level in our country whenever our country was faced with a disaster. Those efforts were systematically initiated in 2010 and continue even today.
Disaster preparedness along with organizational and societal readiness remain hot topics of discussions of disaster recovery planning teams.
Today, when so many of us have cybersecurity on our minds, our government is working very hard to mitigate the many risks coming from cybersecurity related threat activities.
Interestingly, the government is emphasizing the importance that private sector involvement will play in mitigating and addressing these cyber-security related threats and risks.
With this in mind, the following question could be asked: “What lessons might be learned from FEMA’s past U.S. Government’s support and promotion of the PS-Prep Program and could those lessons be potentially applied to current cyber-security control program efforts?”
To begin with, both the PS-Prep and Cybersecurity related programs are similar in that they each involve the understanding of and reacting to the potential risk(s) of low probability/high consequence events. It is well established in research of this topic that these kinds of events can be and often are a challenge for any person, group or society. Clearly for many, it is difficult to envision that which has not yet happened.
In trying to promote early efforts of the need for PS-Prep certification by organizations in the private sector, many of those organizations claimed that they viewed such extreme events as rare exceptions to the normal.
More importantly, many organizations, private community focused associations and individuals stated that preparing for them is a waste of time and money and that if an event should occur –then the government, the Red Cross, and others should be able to meet their needs. Could there be some similar opinions existing today when it comes to the need to take preventative actions and execute stronger defensive strategies against the cyber-security threats?
Private Sector Importance
In a recent research testimonial paper, John R. Harrald Ph.D. presented some strong ideas to support the need for new paradigms for private sector preparedness and the areas where he sees and claims that change is occurring now, and that with investment and leadership these efforts will lead to a fundamental paradigm shift in the private sector. In fact Harrald believes that the private sector plays a critical and central role in each of these elements.
The three areas are:
- Building and sustaining community resilience,
- Creating a collaborative and enabling preparedness and response culture, and
- Using science and technology to replace reactive doctrine with proactive, agile systems.
Community resilience is the key to preparedness.
Relationships and resources that exist at the local level are primary predictors of the ability to absorb, adapt, survive and thrive when faced with extreme events. We have historically focused on promoting individual preparedness, supporting business recovery, and ensuring government continuity of operations. Resilience, however, requires the building of collaborative relationships that will enable communities and businesses to better absorb, adapt, survive, and thrive when confronted with extreme events.
Disaster management culture is changing.
Current preparedness, response, and recovery doctrine based on government centric control will be replaced by a culture that enables collaboration. Most people impacted by a disaster are uninjured, healthy, and willing and able to help those more seriously impacted and to rebuild their community. As stated by FEMA Administrator Craig Fugate, these willing and able citizens should be thought of as resources, not victims. Catastrophic events will exceed the capability and resources available to the national, state and local governments. The objective is not to create government organizations capable of doing things for people; we must be able to mobilize national resources, public and private, to work with citizens to help restore social, physical, and economic systems.
Science and Technology are providing us with new knowledge, capability and opportunities.
We are witnessing a very significant shift in how science and technology are used in disaster response. Physical science better informs us of our risk exposure and helps us develop credible planning scenarios. Social scientists have introduced the concept of social vulnerability into the preparedness, response, and recovery doctrine and have studied how people behave during the crisis and recovery periods. Preparedness must be based on what we have learned from science, not on disaster myths and fears.
Click here to read more of John R. Harrald, Ph. D. thoughts and ideas.
Today’s growing number of cyber-security related threats and real challenges to mitigate those threats are becoming more prevalent and relevant to more and more people each day. It might even be at a point where these events and incidents are no longer regarded in status as low probability/high consequence events.
In retrospect, perhaps the PS-Prep Program was ahead of its time….but… it surely created and still offers many lessons for today’s disaster preparedness teams.
If you found this information applicable, please pass it along to those business continuity, organizational readiness team members in your community or where you work.
By: Ben J. Carnevale