Business Continuity Week – March 21 – 25

It is Business Continuity Week.  Take a stroll on over to the BCAW website for some good old-fashioned online discussion, in-person events, webinars and networking.

Business Continuity Awareness Week (BCAW) has been organized internationally since 2005 to raise awareness and enhance the ability of all types of organizations to practice Business Continuity Management (BCM).  This year DRIE, CCEP, BCI Canada, the Canadian Red Cross and DRI Canada are teaming up once more to promote BCAW.

The theme for 2011 is: “building RESILIENCE to protect value and reputation.”

“Resilience is not about preventing disruptions.  Business continuity incidents are, by their nature, largely unpredictable.  Resilience is the ability to absorb, respond and recover from disruptions.”

BCAW is an excellent method for educating organizations on the importance of business continuity planning.  The site focuses on sharing experiences, knowledge and best practices, offering a public meeting place where BCAW members have a shared calendar, discussion forums, member profiles, photo gallery, file storage and more.  By working together we can all be better prepared to handle adversity when it arises.  Users of the site are encouraged to complete an online profile, upload photos, and participate actively in discussions.

What are you doing for Business Continuity Awareness Week?

DDoS On Dutch Bank

ComputerWorld has posted an article recently on a subject that I haven’t heard a lot about for the last year.  It seems a Dutch bank was the victim of a malicious Distributed Denial of Service (DDoS) attack.  I say malicious, as there have been instances where a bank was accidentally hit with a traffic flood due to misconfiguration of a common tool, and even some spotty attacks that were quickly detected and avoided.  But nothing that I can recall recently where a brazen attack was aimed squarely at a bank, and took them off the map for a couple of days.  Apparently, the Dutch Government has been detecting similar attacks on their networks.

In my work with the Canadian Financial Institution Computer Incident Response Team (CFI-CIRT), I examined and reported on DDoS avoidance and response practices on behalf of the Canadian banking community.  Not a lot had changed from the last time that I had looked at DDoS protection mechanisms several years prior.  The solutions were just as expensive, just as finicky, and just as hard to justify to management without a direct attack to show losses against.  Your choices seemed to be (pick any 3):

  • Over-provision your bandwidth.
  • Keep a second provider as a disaster recovery / incident response alternate.
  • Add an appliance or three to your architecture to examine and scrub the data stream.
  • Subscribe to a third-party service that filters the data stream.
  • Subscribe to a third-party service that provides redundant routes to the nth degree.
  • Convince your ISP to provide filtering services on demand as part of your incident response plan.
  • Build an internal response plan that engages the right folks to escalate the response externally.

Has anyone looked into DDoS solutions lately?  Have there been any improvements in the choices and offerings available to large and small businesses?

Disaster Recovery or Business Continuity, Plan, Plan, Plan

In various companies, I have assumed the role of IT Manager in many shapes, forms and job titles.  One of the first things that I have usually done as part of that transition has been to look for Disaster Recovery & Business Continuity plans.  Mostly, they didn’t exist.  Occasionally, they were in various states of readiness.  One firm in particular had an excellent Network Manager who didn’t realize that he had been preparing and updating a pretty good tactical DR plan for several years. 

Every single year without fail, the high-rise office tower that the company was headquartered in would pull the plug on all 40-some-odd floors, and make repairs and updates to its electrical, mechanical, HVAC and other life-supporting systems.  In preparation for this big event, every single server, every router, switch and even desktops, had to be visited in order to prepare and shut down cleanly so as to protect critical data and resources.  This often involved taking the extra time to patch, test, fail over and repeat, before everything went black.  This is a monumental task, and I think I still owe that guy a big thank you and a small beer for maintaining such a good inventory checklist, as well as doing the majority of the heavy lifting during those crazy weekends.  (Cheers Al!)

With this documentation in hand, it was fairly easy to determine what were the “crown jewels” within the organization, what the business could not afford to be without for an extended length of time, and also, what needed to be stood up fast in the event of catastrophe.  The exercise also made clear what needed to be backed up, what needed to be duplicated, and what required full, live replication in order to meet both disaster and continuity goals.

What are those goals?


Updated Earthquake Guide

Approximately 5,000 earthquakes are recorded in Canada each year, most of them small ones. While earthquakes can occur in any Canadian region, British Columbia is most at risk from a major earthquake. Other areas prone to earthquakes are the St. Lawrence and Ottawa River valleys, as well as parts of the three northern territories.  Canada’s Minister of Public Safety has released the Government of Canada’s updated Earthquake Guide to help Canadian families prepare for and respond to a sudden earthquake.

We all have a role to play in keeping our families and communities safe, and that includes ensuring we take as many precautions as possible to prepare for emergency situations and natural disasters.  This guide is about proactive emergency preparedness, providing a 3-step contingency plan.  The 2 non-incident-specific steps can help families prepare for other emergencies as well.

The release of this updated Earthquake Guide comes as British Columbians prepare for a province-wide earthquake drill on January 26, 2011, the 311th anniversary of the largest quake in Canadian history.  “The updated Earthquake Guide provides clear, important advice for individuals and families in the event of an earthquake.  This includes being prepared to cope on our own for at least the first 72 hours so emergency teams can focus on those in the most urgent need.  Every one of us should be aware of the risks, make a plan and obtain an emergency kit,” concluded Minister Toews.

Canada’s National Platform on Disaster Risk Reduction

Vic Toews, Minister of Public Safety, has announced Canada’s National Platform on Disaster Risk Reduction, to better protect Canadians in the event of a disaster.  The establishment of Canada’s National Platform further strengthens existing coordination on domestic disaster risk reduction initiatives developed by Public Safety Canada, such as the National Disaster Mitigation Strategy, the National Strategy and Action Plan for Critical Infrastructure, and the Federal Emergency Response Plan.

“Natural disasters, such as floods and severe weather can happen almost anywhere in Canada and it is important we do everything possible to reduce the risks before such events occur,” said Minister Toews. “Through the National Platform on Disaster Risk Reduction, we are ensuring a comprehensive, coordinated approach to emergency preparedness and disaster recovery. Everyone benefits when governments, non-government organizations, academia, and the private sector work together toward the same goal – the safety and security of Canadian families.”

The National Platform on Disaster Risk Reduction also allows stakeholders from across the public sector, the private sector, academia, and non-governmental organizations to:

  • Share ideas and action in order to address disaster risk reduction issues,
  • Work towards better integration of disaster risk reduction in national emergency management policies, plans and programs,
  • Strengthen stakeholder relationships to address gaps in prevention/mitigation, preparedness, response and recovery.

Check out the full announcement.