Search Disaster Preparedness Blog

Sunday
May092010

15 Minutes to Apocalypse – The Cyber Warfare Threat

When most people think of cyber warfare, they are probably thinking of a battle taking place sometime in the future. The other thought most people probably have is they think the United States as a being a leader in this area.

The truth is cyber warfare is already here and the United States is lagging far behind. Not only that but a majority of all services deemed as critical infrastructure are in the hands or under control of the private sector.

Currently 30 countries are known to have viable offensive and defensive cyber warfare capabilities with the top potential threats recognized as being Russia, China, and believe it or not North Korea, which is also the most dangerous country to have these capabilities. North Korea has already taken out systems run by the U.S. Treasury, Secret Service, and Federal Trade Commission.

Cyber warfare is a reality in today's world - Timeline of Cyber Attacks since May 2006 - which will likely be used in combination with conventional attacks and as stand alone attacks far into the future from here on.

While some point to these threats as fear mongering, unrealistic, and even as impossible to pull off I would venture to say they do not fully appreciate just how vulnerable we are should a massive attack bring down much of our infrastructure.

One thing to note about these types of attacks is the social engineering aspect, which no amount of security hardware or software can protect against. We need to better train employees to understand phishing attacks, to guard passwords, what to look and listen for during the social engineer aspect of any attack. Good security practices should incorporate continuous training with real world examples.

As the recent attacks against Google, Rackspace and others showed our private sector is just as much a target for malicious attacks. We must remain vigilant and proper training training is an important part of securing our networks.

See the Reference link below for more detailed information on this.

 

 

Thursday
May062010

Possible Human Error Causes Rapid Market Decline

I was going to post something on Human Error in a later post, but in light of today's alleged incident in the U.S. Markets which caused a nearly 1000 point drop in the Dow I thought I would at least touch on it.

Currently here is what we know about the alleged incident - (Which is still being investigated) A trader at Citi entered a "B" for Billion instead of an "M" for Million. This in turn caused a nearly $10 {CORRECTION it was about $20 give or take a few} stock price dip in PG, and subsequently caused the rest of the market to drop before recovering. 

On the good side, these things can be researched, and fixed. However, in an already skittish and heavily volitile market it can easily cause additional panic by the average investor.

In addition to other issues, it has already been proposed that someone else who knows what they are doing could easily manipulate the market and cause an intentional crash (I believe the commentators were implying a cyber-terror event).

Already the investigations by the SEC have begun and we will have to wait and see what the outcome will be.

Look for a future post coming soon about Human Error and the Impact on Business coming soon.

Tuesday
May042010

Disaster Cleanup and Recovery Safety Guidelines

As preparedness experts like myself will often tell you it is best to be prepared before a disaster strikes. Whether you are an individual or a business, you'll often hear get a kit, make a plan, stay informed.

Part of being well prepared is knowing what to do once a disaster does strike and remaining safe during recovery and cleanup operations is extremely important.

Unfortunately well intentioned people often rush in to recover items from their home or business, not realizing they may be placing themselves in harms way. In addition when insurance companies and policies are involved moving, cleaning and removing items will likely lessen or even revoke your privilege of receiving a payout if the insurance adjuster has not inspected the property (this is another topic, but important to be aware of).

There are clear guidelines from agencies such as OSHA that provide minimum safety requirements that must be followed by recovery personnel. In some cases other industries may also have other guidelines such as the EPA, as well.

Though you can find a complete and comprehensive listing of these safety guidelines at various sites (I'll provide a list of them at the bottom) here are some basics to be aware of after a natural disaster:

Cleanup work of any kind is hazardous, but flood conditions make it even more so. Following the procedures listed below will help to keep you safe and healthy while cleaning up after natural disasters that involve flooding.

Health Tips

  • Take frequent rest breaks when lifting heavy, water-laden objects. Avoid overexertion and practice good lifting techniques. To help prevent injury, use teams of two or more to move bulky objects; avoid lifting any materials that weigh more than 50 pounds per person, and use proper automated lifting assistance devices if practical.

  • When working in hot environments, have plenty of drinking water available, use sunscreen, and take frequent rest breaks. Wear light-colored, loose-fitting clothing.

  • Be sure a first-aid kit is available to disinfect any cuts or abrasions. Protect open cuts and abrasions with waterproof gloves or dressings.

  • Wash your hands often during the day, especially before eating, drinking, or applying cosmetics.

General Precautions

  • Use a wooden stick or pole to check flooded areas for pits, holes, and protruding objects before entering.

  • Ensure that all ladders and scaffolds are properly secured prior to use.

  • Conduct a preliminary worksite inspection to verify stability before entering a flooded or formerly flooded building or before operating vehicles over roadways or surfaces. Don't work in or around any flood-damaged building until it has been examined and certified as safe for work by a registered professional engineer or architect.

  • Washouts, trenches, excavations, and gullies must be supported or their stability verified prior to worker entry. All trenches should be supported (e.g., with a trench box); if no support is available, the trench must be sloped at no less than a 1:1 (45°) angle for cohesive soil and 1:1½ (34°) angle for granular soils including gravel, sand, and loamy sand or submerged soil or soil from which water is freely seeping.

  • Establish a plan for contacting medical personnel in the event of an emergency.

  • Report any obvious hazards (downed power lines, frayed electric wires, gas leaks or snakes) to appropriate authorities.

  • Use fuel-powered generators outdoors. Do not bring them indoors.

  • Use life-vests when engaged in activities that could result in deep water exposure.

  • Use extreme caution when handling containers holding unknown substances or known toxic substances (for example floating containers of household or industrial chemicals). Contact the Environmental Protection Agency for information on disposal at the National Response Center (1-800-424-8802).

  • Do NOT use improvised surfaces (e.g., refrigerator racks) for cooking food or for boiling water to avoid exposure to heavy metals.

Clothing and Personal Protective Equipment

  • Always wear water tight boots with steel toe and insole, gloves, long pants, and safety glasses during cleanup operations; sneakers should NOT be worn because they will not prevent punctures, bites or crush injuries. Wear a hardhat if there is any danger of falling debris.

  • Wear a NIOSH-approved dust respirator if working with moldy building materials or vegetable matter (hay, stored grain, or compost).

  • When handling bleach or other chemicals, follow the directions on the package; wear eye, hand, and face protection as appropriate; and have plenty of clean water available for eye wash and other first-aid treatments.

Electrical Hazards

  • Do NOT touch downed power lines or any object or water that is in contact with such lines.

  • Treat all power lines as energized until you are certain that the lines have been de-energized.

  • Beware of overhead and underground lines when clearing debris. Extreme caution is necessary when moving ladders and other equipment near overhead power lines to avoid inadvertent contact.

  • If damage to an electrical system is suspected (for example, if the wiring has been under water, you can smell burning insulation, wires are visibly frayed, or you see sparks), turn off the electrical system in the building and follow lockout/tagout procedures before beginning work. Do not turn the power back on until electrical equipment has been inspected by a qualified electrician.

  • When using a generator, be sure that the main circuit breaker is OFF and locked out prior to starting the generator. This will prevent inadvertent energization of power lines from backfeed electrical energy from generators and help protect utility line workers from possible electrocution.

  • Be aware that de-energized power lines may become energized by a secondary power source such as a portable backup generator.

  • Any electrical equipment, including extension cords, used in wet environments must be marked, as appropriate, for use in wet locations and must be undamaged. Be sure that all connections are out of water.

  • All cord-connected, electrically operated tools and equipment must be grounded or be double insulated.

  • Ground-fault circuit interrupters (GFCIs) must be used in all wet locations. Portable GFCIs can be purchased at hardware stores.

Fire Protection

  • Immediately evacuate any building that has a gas leak until the leak is controlled and the area ventilated.

  • Be sure an adequate number of fire extinguishers are available and re-evaluate the fire evacuation plan.

  • Be sure all fire exits are clear of debris and sand bags.

This fact sheet discusses hazards potentially confronting workers cleaning up after natural disasters. For more information on OSHA assistance see the agency's website at www.osha.gov or call 1-800-321-OSHA.

Here is a listing of websites with more details on Recovery Clean up and Safety:

OSHA: Keeping Workers Safe During Clean Up and Recovery Operations Following Hurricanes

OSHA: California Wildfires

OSHA: Preparedness and Response

CDC: Clean Up Safely After A Disaster

 

Stay Safe my friends,

Keith Erwood

 

Monday
May032010

Disaster Tip of the Week: Can't Get Through On Your Cell Phone After A Disaster, Try Sending A Text Message

In times of disaster and crisis it is often difficult to get through to other people over the phone whether it is a land line based system or a cellular phone.

However, the one thing that does work is sending SMS based texted messages. This is due to the way SMS messages work, the important thing to know is that they require less bandwidth to send the messages over the network, and once you hit send your mobile device will keep trying to send the message until it is sent if the network is busy. All this increases the chances that your message will be sent to its destination.

Though I wont get into the super techincal of how SMS messaages work or the different protocols and spectrums involved, the important part is that you know that your message will get through and you have other options if you can't place a call.

Here is a little more on how SMS works and here: How Short Messaging Service Works

Why SMS Is Limited to 160 Characters

If you have any doubt the use of SMS messaging goes back to September 11th when people used it to send messages to loved ones. I also personally used SMS messaging duing 9/11 when I could not get through on the phone.

Though other examples may exist before then, this was the first major event to show that SMS text messages are a reliable way of getting your communications through after a disaster.

Since then, other examples include Katrina, the Mumbai terror attacks, and the earthquake in Hatti as well as others.

 

 

Thursday
Apr222010

Volcanic Ash Causes Disruptions and Anger Over EU Response

Just when you thought your business continuity and disaster preparedness planning had accounted for everything, Iceland’s Eyjafjallajökull volcano erupts spewing ash into the atmosphere and into trans-Atlantic and European flight paths.

The ash prompted the closing of European airspace and cost the air carriers an estimated $1.7 Billion U.S. Dollars. It also resulted in a backlash of anger from both passengers and carries who feel that the need for a complete shut down of European airspace was unnecessary.

Most of the outrage seems directed at EU leaders and why it took them five days before they even had a conference call on the issueonce the flights were canclled. Though safety should be the top concern many are wondering why proper monitoring of ash by airplanes with sensors is not being done as is in the United States.

Most organizations today do not have plans for volcanic eruptions and disruptions caused by ash clouds in their business continuity and disaster preparedness plans (unless they are in close proximity to a volcano). However, most organizations especially the ones who operate globally, have plans based on travel disruptions (or at least they should).

These travel disruption situations should work well and are a good example of how you can use All-Hazards planning within your business.

The current models (computer based models - of which I am not a big fan) and guidance from International Civil Aviation Organization (ICAO) are based on data from the 1980's dictate that when there is ash present flights remain grounded.

Today, after the complete closure of EU airspace and the economic loss from the flights many are calling for new methods and consider the response outdated. New methods and scientific data should be utilized but safety should be the first and foremost consideration and not profits.

As stated in the video interview above this could develop over time and become worse leaving only windows for air travel during the next few months if the volcano continues to erupt.

 

More information:

BBC - How Volcano Chaos Unfolded in Graphics

BBC - Iceland Volcano in Maps

BBC - Animated Guide Volcanoes