Hurricane Sandy Threatens East Coast
Time to Enact Business Continuity/Disaster Recovery PlansAs dawn broke over the U.S. east coast on Monday, Oct. 29, federal and state governments, businesses and schools dusted off their business continuity/disaster recovery plans in preparation for the arrival of Hurricane Sandy.
See Also: Gartner Guide for Digital Forensics and Incident Response
At 5 a.m. EST Monday, according to the National Hurricane Center, Sandy was a Category 1 hurricane, located 385 miles south-southeast of New York City and traveling at an estimated 15 mph, bringing sustained winds of up to 85 mph.
Anticipating damaging winds and flooding rains from the massive storm, President Obama declared a state of emergency in Washington, D.C., where federal offices were closed. Obama approved similar declarations for New York, New Jersey, Connecticut, Massachusetts, Maryland and Pennsylvania, where schools were closed and many workers were told to stay home. Public transportation was halted in many of these states, and some residents were evacuated from coastal areas.
The National Credit Union Administration issued an alert to member credit unions, urging east coast institutions to prepare for the storm. Both the New York Stock Exchange and Nasdaq, which rarely shut down because of weather, announced they would close Monday, and they may be closed Tuesday, too.
Expected to make landfall on the Jersey Shore late Monday, Sandy is reported to have claimed 67 lives so far - most of them in Haiti - and experts fear the potential impact of this storm when it collides with a cold front from the west, forming what some have dubbed a "Frankenstorm" that could hang over the region for days. In all, an estimated 50 million people are expected to feel Sandy's impact, and the Federal Emergency Management Agency estimates wind damage alone to add up to $2.5 to $3 billion.
One U.S. Coast Guard official put the situation in perspective for CNN: "Sandy has a tremendous amount of energy," said U.S. Coast Guard Rear Adm. Steven Ratti. "It could be bad, or it could be devastation."
In Connecticut, Connecticut Gov. Dannell Malloy was quoted as saying "The last time we saw anything like this was never."
Memories of Irene
Storm preparations bring back memories of Hurricane Irene, which caused damage, flooding and power outages in many of the same east coast states in August 2011. That storm - far milder than Sandy is expected to be - also hammered home strong messages about disaster preparedness, says Alan Berman, executive director of the Disaster Recovery Institute.
"I think what we saw after Irene last year was the fact that we really have to prepare," Berman says in an interview with Information Security Media Group's Tom Field [transcript below].
According to Berman, 2011 was the worst-ever year for disasters, with 782 major incidents adding up to $400 billion in insurance claims. But he feels organizations learned important lessons from these crises.
"We've started to become more prepared, and especially for hurricanes, something we can now anticipate," Berman says. "You're seeing more people start to move their data offsite. They're starting to look at more back-ups. They're looking at redundancy and certainly there's more and more interest in cloud technology."
For more from the Berman interview on disaster preparedness, see below.
For more on business continuity and disaster recovery, as well as fraud risks that arise during times of crisis, see:
- Disaster Averted for Most IT Systems;
- Business Continuity: What We're Missing;
- Phishing Scams Capitalize on Irene.
Berman on Disaster Readiness
Berman is executive director of the Disaster Recovery Institute and co-chair for the Alfred P. Sloan Foundation committee to create the new standard for the U.S. Private Sector Preparedness Act (PS-Prep). In this interview excerpt, he discusses hurricane preparedness.
TOM FIELD: Are we more prepared for hurricane [impact] this year than we were a year ago?
ALAN BERMAN: I think we're more prepared. Aside from the emergency response, I think we're looking more and more at the interruption of data flows and how it has affected organizations. I was in Japan last year after the tsunami and the whole issue with supply chain, and we're seeing the same thing this year where people are concerned about getting data and resources from areas that have been affected by hurricanes, so we're seeing more distribution.
FIELD: In perspective, how bad was the disaster in 2011 from Irene, and what lessons if any do you believe organizations learned from that experience?
BERMAN: 2011 was the worst year for disasters in our history. There were 782 major disasters. Insurance claims exceeded $400 billion. But we started to become more prepared and especially for hurricanes, something we can now anticipate. You're seeing more people start to move their data offsite. They're starting to look at more back-ups. They're looking at redundancy and certainly there's more and more interest in cloud technology.
FIELD: Why does it take a significant disaster such as a hurricane for organizations to heed the lessons that we've all spoken about for years?
BERMAN: For large multi-national and global organizations to communicate with the other parts of their organizations in areas that have been hit by disasters has become a huge issue. We're working much better on our communications. We're working better on notification and, more than that, we're working more on preparation. When we know things are happening, we're being more proactive in shifting activities from areas that might be affected to areas that are unaffected.
I think what we saw after Irene last year was the fact that we really have to prepare. We have to be able to have our technology.
FIELD: What's your advice for organizations that wonder if they're properly prepared?
BERMAN: There's nothing like testing. The worst time to test the plan is during an emergency, and we're seeing more and more of this testing going on. Not only are we seeing it within the organization, but for the first time we're actually seeing people perform the due diligence through their supply chain to make sure that they have uninterrupted information or uninterrupted supplies. We've now moved into a maturity that I think involves end-to-end planning as opposed to being myopic, saying, "Let's take care of my organization."