2013 marks the 10-year anniversary of the 2003 Northeast Blackout. A dramatic event that left around 50 million people in the U.S. and Canada without power, the Northeast Blackout was a wake-up call to many. At a time when businesses are more and more reliant on increasingly sophisticated technical solutions for their operational continuity and security functionality, this anniversary seems like an opportune time to remind IT and security professionals about the importance of designing and implementing an emergency-response plan. From emergency generators and other equipment, to the strategic planning, resource positioning and training that are a vital part of comprehensive planning and preparation, technical and security personnel need to be intimately familiar with the systems and strategies that they can put in place to back up data and keep critical security components continually running.
While 10 years may have passed since the 2003 blackout, the threat of power outages has not diminished. On the contrary, it is an ongoing — and growing — security threat. The number of large outages (defined as those that impact more than 50,000 individuals) has been on the increase since the early 1990s. News headline-making outages are just the tip of the iceberg; it is in fact the smaller and more localized power emergencies that have the greatest financial and security impact on properties and businesses. Consider this: Last year’s damaging and disruptive hurricane hybrid Superstorm Sandy left approximately 8.5 million people without power. But that is only one chapter in the 2012 story. Because, all told, outages impacted more than 40 million people last year. Without adequate preparation and protection, even a small outage can have devastating consequences for businesses and lead to dangerous and avoidable security exposures.
For responsible and responsive security and IT professionals, it is clear that something must be done. Simply crossing your fingers and hoping for the best is obviously not an option, but inadequate preparation is almost as bad as no preparation; a poorly designed or incomplete emergency-response plan can lead to a false sense of security and perpetuate bad habits and lazy thinking that can contribute to an erosion of security standards.
Understanding how to prepare for power interruptions, and designing an emergency-response plan that minimizes security lapses and maximizes operational continuity when outages do occur, has become a fundamental part of the professional toolkit for today’s security and IT professional. What follows is a basic checklist of tips, reminders and considerations that encompasses everything from gear to guidelines. While this list is not intended to be exhaustive and is necessarily limited in terms of technical detail, it does provide a strong conceptual foundation: essential strategies for security and IT professionals looking to design and implement a strategic plan that effectively safeguards the personnel, facilities, information and infrastructure they are assigned to protect. Applying these basic principles will help maximize return on investment and make planning and preparation more efficient and effective.
The most basic step to take to mitigate operational disruptions and potential security lapses that can result from a power outage is to make an investment in high-quality emergency generators. While some businesses and institutions are legally obligated to implement generator-backup protection, far too many have failed to take this basic protective measure. The decision to install a generator or generators is just the first step in the process, however; professional upkeep and regular maintenance are essential, and care should be taken to position generators in a location not vulnerable to flooding.