Unconventional crisis planning

There's not a company worth its salt that hasn’t, at least, given some consideration to crisis planning. Most of our crisis planning is based upon basic risk management strategies. Come up with a bunch of potential scenarios, apply some analysis to get a handle on likelihood and impact, and then come up with mitigation and management strategies.

You might even go as far as detailed scenario planning and carrying put practice exercise. For many of us, this can include things such as red/blue teams or corporate exercises.

But what happens when a tour business is faced with the completely unexpected disaster. Something that seemed so fantastic as to be impossible? For example, consider the devastation that was wracked by Hurricane Katrina in 2005 or the earthquakes that destroyed Christchurch in February 2011. Are there lessons that we can learn from those events?

What sets these sorts of events aside from other disasters isn't their severity – it's that they are unprecedented. For example, parts of Australia suffer from fires and floods regularly. Although these events are tragic and severe, we have lots of experience dealing with them. So, we have reasonably well understood processes and authorities for dealing with those incidents. But those other incidents are both large and completely unexpected so the established methods for dealing with crises break down.

James E. Beakley, the Director Project White Horse 084640 Research at Haines Security Solutions, points out that communication is key. In a recent presentation at the ISC West Convention in Las Vegas, he cited the example of the recent disappearance of Malaysian Airline Flight MH370.

"They revealed that they were 700 miles off where they ought to be. Why was that? The people that were working the aerodynamics and fuel consumption weren't talking to the people who were working the satellites".

The lesson – make sure that communication channels between key personnel are open. Often, traditional incident management revolves around assigning an incident manager who coordinate everything. When protocols are well understood this can work but in an unconventional crisis, knowing what information is critical and getting the right people to communicate is harder as you'll be dealing with many unknowns.

"The situations are such that when you look at what you see, you don’t get the feedback you need to make the right decisions," said Beakley.

He equates it to starting the process after having been "hit in the back of the head with a shovel". You're starting the recovery process from a position of extreme uncertainty.

In these situations, it might be tempting to go to your standard disaster process in such a process but Beakley says that taking these actions, when there are many more unknown factors than known factors, may actually exacerbate the issues.

Engaging in exercises where extreme events are played out can be a worthwhile activity. The most important thing that companies should take away from this practise is what they learn from their failures. It also helps them, in Beakley's view, to stop doing what they know to do and look for what they actually need to do.

"It's not about doing what you know, but knowing what to do," he said.

A further key element in successfully responding to an unconventional crisis is getting the right people in charge. Citing the example of what happens with the military in forward zones, Beakley said that sometimes, higher ranking officers need to delegate authority to the people on the front line and, at times, take direction for those with either better information or greater expertise.

Beakley emphasised the importance of doing the most you can to stay ahead of problems by being vigilant and prepared. It is unusual, even during an unconventional crisis, for an incident to escalate without any warning. It's important to listen to experts and deploy resources before a situation gets out of control. It's better to establish a response team and deploy resources prematurely and not use them, rather than be too cautious in deploying resources. The writer attended ISC West without any vendor sponsorship.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

More about CSOEnex TestLabWest

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place