When Disaster Strikes Your Network or Critical Infrastructure Environment, How Should You React?
There are many types of situations that we would consider disasters in your network or critical infrastructure environment. There could be a breach of confidentiality or theft of information caused by a disgruntled employee. A flood caused by a thunderstorm or hurricane may have destroyed your data center, causing a sudden shutdown and need for massive recovery and restoration due to water damage. There could also, in a worst case scenario, be a malicious attack on your environment caused by an act of terrorism, not a farfetched notion in the dangerous world we now live in.
In any of these events, our experience has showed us common threads related to preparation, response and recovery that apply to many or all industries and their network and/or critical infrastructure (SCADA) systems.
Offsite Recovery Location: Whether you are a bank, hospital or electrical utility, we recommend a secure, offsite location to which you should move your particular form of sensitive data. Different industries have different recovery time objectives. This means you might have “zero downtime” to consider, for example, for a water, electrical or other grid system (SCADA or network); to six hours downtime possibly if you are a bank to get your website up, versus an hour of downtime for regaining access to funds for your customers who may have read or heard something on the news about a disaster involving your bank. A hospital can’t afford a system disaster with machines which save lives tapped into your computer systems.
What are the Systems Involved? We refer to platforms, servers, operating systems, backup software, backup hardware, networks and storage involved with you recovering your applications. Keeping these systems current along with constant revisions of your security POLICIES governing your disaster recovery plan will ensure that when disaster strikes, you will be ready.
Design, Testing, Implementation of the DR and COOP Plans: The terms can get confused sometimes as these two critical plans overlap in areas. The disaster recovery plan is comprised of your incident response program coupled with your first line response blueprint, which should be at the heart of the your security policy and security program. Other pieces of any good program should also involve physical security policies and compliance requirements for those industries reporting to government standards bodies. Continuity of Operations plans (COOP) involve the “roadmap” leading to full restoration of normal operations in your environment. The MOST important step in all of this, our experience has shown is having your DR plan TESTED TWICE PER YEAR at the minimum, table top style or in a real life exercise. If you are managing all of this without assistance from an outside team of experts, good for you. If not, read on.
Where Are the Weaknesses in Your Environment? We know that the number one vulnerability in any network environment is where humans are involved. Your people should have the best possible place to perform this critical work, with your management team providing the best state of the art overall disaster recovery plans, security policies and structured team setup to tackle this nightmare scenario as quickly and efficiently as possible. Remember the old adage: You are only as strong as your weakest link. Systems crash and fail. Humans make mistakes. Take the time to harden not only your computer systems but your teams… with state of the art planning and testing, not just for incident response and systems recovery but for continuity of operations with a minimum of downtime, panic, bad publicity or the possibility of lawsuit and loss of goodwill and dollars.
We are The Saturn Partners, in business since 2001 providing the industries named above, plus the Federal Government, technology and educational sectors with cutting edge systems security solutions.