Assessing Response to Superstorm Sandy

Business Continuity Planning Put to the Test

By , November 1, 2012.
Assessing Response to Superstorm Sandy

In New York, New Jersey and other northeastern states, millions of residents are still coping with the devastation caused by Superstorm Sandy. Meanwhile, information security professionals are continuing to help carry out business continuity plans.

See Also: Advances in Application Security: Run-time Application Self Protection

At least 76 people in the U.S. and two in Canada died during the storm, raising Sandy's overall death toll to 145 after earlier claiming 67 lives in the Caribbean, according to a midday Nov. 1 CNN report.

Millions were still without electricity on Nov. 1, and utilities in the hardest hit states, such as New Jersey and New York, said it could take a week to 10 days to restore power in some areas.

Estimates of the costs from Superstorm Sandy continued to rise. The risk assessment consultancy EQECAT pegs total economic damage from Sandy to be between $30 billion and $50 billion, with insurers picking up between $10 billion and $20 billion of that tab.

At the height of Sandy's violent run, many computer systems in key sectors, such as government, banking and healthcare, continued to function, in part, because of careful business continuity planning.

Despite dealing with major challenges, none of the officials at governments, banks and hospitals contacted by Information Security Media Group's editors reported significant problems with executing their disaster plans. But many say they'll conduct fuller assessments once the situation stabilizes.

"During the process and after the storm, we will always look for ways to improve preparedness for incidents and business continuity," says Neil Brazil of HSBC Bank USA.

Telecommunications Woes

Trouble with cellular telephone service, as well as power outages, meant those attempting to work at home - or reach out for assistance - faced serious challenges.

Verizon, a major telecom provider for the Northeast, managed to keep its national and regional command and control centers operational. But power outages and flooding took a toll on cellular service in some areas, such as lower Manhattan, resulting in tens of thousands of customers seeking places to find a strong signal to make calls - as well as sites where they could recharge their phone batteries.

"Although we will be working with all available resources to restore service for our customers, some pockets of damage are extensive and could take up to a week or more to fully restore," says Bob Mudge, president of Verizon's consumer and mass business division. "Some restorals will require physical rebuilding of our facilities, and others will require the return of commercial power."

Banking, Healthcare Issues

Power outages caused by Sandy's hurricane-force winds and floods forced hundreds of bank branches to close and shutter their automated teller machines. Wells Fargo's Sara Hawkins says the bank deployed three mobile ATMs to stricken communities.

Bank of America had hoped to deploy mobile ATMs in blacked-out lower Manhattan on Halloween night. "We ultimately couldn't get a signal in Manhattan," spokesman Mark Pipitone says. But, he says, BofA had planned to send a mobile ATM to Island Beach State Park along the New Jersey shoreline on Nov. 1 and hopes to have additional mobile ATMs in place in parts of northern New Jersey and Long Island, N.Y., on Nov. 2.

BofA's business continuity plan includes staging mobile ATMs in areas that lost power following a natural disaster, so why did the bank wait for several days to deploy them after Sandy? "We need time to assess the situation," Pipitone explains. "This effort works in conjunction with our overall business continuity planning, which includes getting traditional banking centers and ATMs back online."

With some of the largest hospitals in New York and New Jersey evacuating hundreds of patients because of power outages, Health and Human Services Secretary Kathleen Sebelius declared a public health emergency for both states.

The declaration means HHS may permit affected healthcare facilities to adjust certain operating procedures temporarily so services can be delivered. For example, it could enable qualified residents to be admitted to a nursing home and be covered by Medicare without the normal three-day prior hospital stay. It could also enable temporary alternate service locations to be quickly established.

Disaster Recovery Insights

In interviews with Information Security Media Group editors, security professionals in the healthcare, government and banking sectors offered assessments of their disaster recovery efforts.

Healthcare Sector

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE FTC Shutters Alleged Tech-Support Scam

A U.S. federal court has shut down what the FTC alleges was a fake tech-support firm that posed as...

Latest Tweets and Mentions

ARTICLE FTC Shutters Alleged Tech-Support Scam

A U.S. federal court has shut down what the FTC alleges was a fake tech-support firm that posed as...

The ISMG Network