2013 marks the 10-year anniversary of the 2003 Northeast Blackout. A dramatic event that left around 50 million people in the U.S. and Canada without power, the Northeast Blackout was a wake-up call to many. At a time when businesses are more and more reliant on increasingly sophisticated technical solutions for their operational continuity and security functionality, this anniversary seems like an opportune time to remind IT and security professionals about the importance of designing and implementing an emergency-response plan. From emergency generators and other equipment, to the strategic planning, resource positioning and training that are a vital part of comprehensive planning and preparation, technical and security personnel need to be intimately familiar with the systems and strategies that they can put in place to back up data and keep critical security components continually running.
While 10 years may have passed since the 2003 blackout, the threat of power outages has not diminished. On the contrary, it is an ongoing — and growing — security threat. The number of large outages (defined as those that impact more than 50,000 individuals) has been on the increase since the early 1990s. News headline-making outages are just the tip of the iceberg; it is in fact the smaller and more localized power emergencies that have the greatest financial and security impact on properties and businesses. Consider this: Last year’s damaging and disruptive hurricane hybrid Superstorm Sandy left approximately 8.5 million people without power. But that is only one chapter in the 2012 story. Because, all told, outages impacted more than 40 million people last year. Without adequate preparation and protection, even a small outage can have devastating consequences for businesses and lead to dangerous and avoidable security exposures.
For responsible and responsive security and IT professionals, it is clear that something must be done. Simply crossing your fingers and hoping for the best is obviously not an option, but inadequate preparation is almost as bad as no preparation; a poorly designed or incomplete emergency-response plan can lead to a false sense of security and perpetuate bad habits and lazy thinking that can contribute to an erosion of security standards.
Understanding how to prepare for power interruptions, and designing an emergency-response plan that minimizes security lapses and maximizes operational continuity when outages do occur, has become a fundamental part of the professional toolkit for today’s security and IT professional. What follows is a basic checklist of tips, reminders and considerations that encompasses everything from gear to guidelines. While this list is not intended to be exhaustive and is necessarily limited in terms of technical detail, it does provide a strong conceptual foundation: essential strategies for security and IT professionals looking to design and implement a strategic plan that effectively safeguards the personnel, facilities, information and infrastructure they are assigned to protect. Applying these basic principles will help maximize return on investment and make planning and preparation more efficient and effective.
Security infrastructure
The most basic step to take to mitigate operational disruptions and potential security lapses that can result from a power outage is to make an investment in high-quality emergency generators. While some businesses and institutions are legally obligated to implement generator-backup protection, far too many have failed to take this basic protective measure. The decision to install a generator or generators is just the first step in the process, however; professional upkeep and regular maintenance are essential, and care should be taken to position generators in a location not vulnerable to flooding.
Power is protection
Just as the most sophisticated weapon requires ammunition, the most secure electronic alarm system is entirely reliant on its power supply. Even the best generators are useless without fuel. Establishing a reliable and secure fuel supply for your generators is essential. When fuel supplies are disrupted or interrupted — something that is especially common in the most serious emergencies and natural disasters — firms that have not made an investment in an emergency fuel program will almost certainly find themselves in a difficult position. The best emergency fuel-services providers have extensive infrastructure and resources at their disposal that make it possible for them to issue an ironclad guarantee that fuel service will be maintained in even the most challenging circumstances.
Sweating the details
The technical architecture supporting your generator array is oftentimes as important as the generators themselves. Some generators require time to power up, and ensuring a steady supply of power requires the implementation of an uninterrupted power supply (UPS). While the cost and specific functionality of various categories of UPS can vary, all perform the same basic function: providing the immediate emergency power source to bridge the gap between an outage and generator startup. Consult a specialist to ensure that the functionality and technical specifications of your UPS meet your specific power/generator requirements.
Making the call(s)
A crisis communication plan is a critically important (and frequently overlooked) part of every effective emergency-response plan. Too many otherwise thoughtful emergency plans that looked great on paper have proven to be ineffective when it counts simply because of the inability to relay important information in a timely manner to the right parties. Once the immediate power and security needs are addressed in the wake of an outage, establishing those lines of communication and communicating important messages and updates to employees, clients and professional partners should be a top priority. In many cases, it is impractical or impossible to fully secure the infrastructure, information and operations without those communications. The mechanisms used to facilitate those communications vary, but the most popular and effective include emergency-notification services (blasting group messages to phone or email lists) and social media channels. In fact, even the simple step of ensuring that employees are familiar with the firm’s Twitter feed and Facebook page can go a long way toward addressing the most pressing emergency-communication concerns.
Train and maintain
It may seem counterintuitive, but once an effective and comprehensive emergency-response plan is in place, that is when the hard work actually begins. Training your team and affirming and reaffirming the efficiency of employee response and the effectiveness of each aspect of the plan should be priorities that do not diminish over time. Regular, rigorous and repetitive drills and training protocols can help ensure that your emergency procedures and technical infrastructure are working as intended. Organizations and technologies change over time, and your security profile evolves accordingly.
If your plan is not updated and maintained, its efficacy will erode over time. Outside consultants and technical and security specialists can help outline the essential elements of an effective plan, but it is up to in-house security and IT professionals to integrate these best practices and adapt them to meet the unique operational, technical and security requirements of their own firm. Those who can do so successfully will find that they are prepared for and protected against the worst impacts from even the most severe power outages.
About the Author:
Bob Kenyon is executive vice president of Sales and Business Development for Atlas Oil Company and is responsible for overseeing the company’s sales and marketing efforts.In addition, Kenyon is responsible for business development for existing channels of trade, M&A opportunities and new product and service offerings. Kenyon joined Atlas Oil Company in 1997 and has held a variety of positions including Commercial Sales Manager, General Manager of Atlas Indiana, VP of Strategic Initiatives, VP of Sales and Operations and VP of Sales and Marketing. Kenyon’s petroleum career spans more than 18 years in the industry. He previously worked at Clark Refining as a Market Support Team Leader and Emro Marketing Company where he was District Manager.
