Disaster Due Diligence February 19, 2010
Workplace violence
HEADLINE: Officials: Texas plane crash targeted feds
SUMMARY: A Texas businessman upset with the Internal Revenue Service deliberately crashed his private plane into a multistory office building that houses federal tax employees, authorities said. The pilot was presumed to have died in the crash though his body had not been recovered. At least two people were seriously injured and a third person — a federal employee who worked in the building — was unaccounted for, fire officials said. Joseph Stack, 53, left a message on his company’s web site railing against the IRS and saying “violence is the only answer.’’
STORY LINK: http://www.msnbc.msn.com/id/35460268/ns/us_news-life/
ANALYSIS: Along with the obvious advice to avoid putting your office space in proximity to a potential target such as an IRS facility, this incident put an exclamation point on a week that served to illustrate that you never know when a disaster can strike, or in what form.
This week we have had:
-
Numerous hospitals and other organizations exercising some part of their emergency plans because of the weather. Many never considered a snow plan.
-
Another example of workplace violence (the item below) where lots of signals were missed by the organization and law enforcement.
-
Iran fast tracking a nuclear showdown in the Middle East.
-
Continued hacking, showing our computer network vulnerability.
-
Visa having around 70,000 accounts compromised, which has not made the news yet. I know because I was one of the people hit and found out because I used to work for a bank and my friends inside told me what happened.
-
The Olympics’ opening ceremony being marred by protestors and technical glitches.
All of these events required back-up planning. The question is, who did well, who got burned and who just got lucky because the incident wasn’t more severe or last longer?
HEADLINE: Students complained about prof charged in rampage
SUMMARY: The revelations continue in the case of the Alabama-Huntsville professor accused of killing three colleagues and wounding three others in a shooting rampage last week. Students told The Associated Press they complained to administrators at least three times a year ago regarding Amy Bishop’s bizarre behavior. Police have not revealed a motive in the shootings, but colleagues say she was vocal in her displeasure about being denied tenure. It has been revealed since the shooting that Bishop killed her brother with a shotgun in 1986 but was never charged because police said it was an accident, and that she and her husband were scrutinized in 1993 after someone sent pipe bombs to a Harvard professor with whom she worked. The bombs did not go off and no one was charged.
STORY LINK: http://www.google.com/hostednews/ap/article/ALeqM5hf_Cw1b1x1DmRrdG4hiu4P55yZTgD9DU364G0
ANALYSIS: Workplace violence happens every day. It is a recognized hazard by OSHA, yet 70 percent of businesses have no plan, and 43 percent of threats and 24 percent of attacks go unreported.
This story mirrors many others. Most episodes of workplace violence are preceded by warning signs. Clearly, that is the case here. Every company must train employees and managers as to what to look for and actions to take. Waiting until an employee feels the only solution is bringing a gun to work is too late.
Behaviors escalate. The sooner that they are identified the easier they are to resolve and get help. Do you know what the signs are? Do you know who to contact? If your employees cannot answer these questions quickly, then you do not have an actionable plan.
Communicable illness
HEADLINE: H1N1 virus' death toll as high as 17,000, CDC estimates
SUMMARY: The Centers for Disease Control and Prevention says about 17,000 have died from H1N1 infection and the majority of victims were 18 to 64 years old. By contrast, of the approximately 36,000 people in the United States who die from seasonal flu each year, 90 percent are age 65 or older. According to the report released last Friday, about 57 million people have been infected with H1N1 and 257,000 cases resulted in hospitalizations. Health officials continue to urge people who haven't received a vaccination to do so.
STORY LINK: http://www.cnn.com/2010/HEALTH/02/12/h1n1.deaths/index.html?hpt=Sbin
ANALYSIS: There is a persistent perception that the H1N1 “swine flu” pandemic fizzled out; that warnings were overblown and the danger really never materialized. Yet the numbers tell another story concerning risk perception, prevention and pervasive “disaster denial.” Consider these numbers placed in a different context. The 17,000 lives is equivalent to the entire undergraduate population of Yale, Harvard, and Princeton combined. When added to the roughly 36,000 people who annually succumb to the seasonal strain, the United States will lose the equivalent of the entire population of Cheyenne, WY. to flu this year. The number of people who have died from H1N1 is nearly six times greater than the total casualty count of 9/11.
These comparisons are revealing, as they illuminate a curious willingness to assume risk and the inevitable adverse outcomes rather than undertake proven and prudent precautions; such as immunization in the case of influenza. This begs the question, then, concerning self, family, community, and business: Are you as prepared as you could be? As you should be? It is unlikely that anyone actually plans on being the victim of a disaster. Sadly, neither do we typically plan for NOT becoming a victim. In essence, failure to plan for survival charts a course to the contrary. The tools for creating a Culture of Preparedness exist; all they need is the will to be implemented.
Cyber security
HEADLINE: War game reveals U.S. lacks cyber-crisis skills
SUMMARY: A simulated cyber attack this week revealed the vulnerability of U.S. systems and lack of coordinated response capabilities between public and private entities. The Bipartisan Policy Center staged the war game to demonstrate how such an attack could be crippling to the country. Stewart Baker, a former assistant secretary at the Department of Homeland Security who played the "cyber coordinator," said that the private sector – which owns 85 percent of the nation’s critical infrastructure --- was not prepared to defend against a cyber act of war and that the government needed to play a role.
STORY LINK: http://www.washingtonpost.com/wp-dyn/content/article/2010/02/16/AR2010021605762.html?wpisrc=nl_headline
ANALYSIS: Dec. 7, 1941 is known as a “Day of Infamy.” You know where you were on 9/11. For years, America felt its oceans keep it safe. These examples showed that was no longer true.
We face another attack of equal proportions that could potentially have even greater impacts. Hackers used to be kids and cyber attacks were nuisances. Today, cyber attacks carry the potential to stop commerce, bring down power grids, block communications, stall transportation, and render critical infrastructure useless. These attacks could last for days or weeks -- not just a few hours.
Planning needs to address all vulnerabilities, identify monitoring, establish triggers, and have strategies to mitigate. Yes, a cyber attack is an IT concern. A cyber attack is also a Board of Directors concern for the impacts on company operations.
Google saw attacks this month. The power grid saw attacks last year. The attacks are real and expected. Are you ready? What is your plan?
HEADLINE: Broad new hacking attack detected
SUMMARY: A coordinated global attack by hackers in Europe and China successfully broke into computers at nearly 2,500 companies and government agencies over the last 18 months. The computer security company NetWitness discovered the breach, which exposed vast amounts of personal and corporate secrets, from credit-card numbers to intellectual property. In more than 100 cases, the hackers gained access to corporate servers that store data such as company files, databases and email.
STORY LINK: http://online.wsj.com/article/SB10001424052748704398804575071103834150536.html?mod=WSJ_hpp_MIDDLTopStories
ANALYSIS: Here’s another story reporting thousands of computers infected with the latest and greatest malware. The numbers are certainly daunting, but in reality this so far represents a relatively small percentage of potential targets. It does serve, however, as a sharp reminder of just how sophisticated the tools of the “cyber bad-guys” have become and that anyone or any business that lets its guard down for even the briefest moment can be subject to significant consequences.
Interestingly, news commentary about this attack and how to defend against it is lacking typical uniformity. Some security gurus are claiming that standard and up-to-date security defenses protect against this so-called “Kneber botnet.’’ Other entirely credible sources, however, report that investigation has shown that up-to-date antivirus software has only been 23 percent effective in blocking this attack. About the only strategy that wins consistent agreement is that the best way to prevent this and other future attacks is to have a well-architected, multiple-strategy security approach.
Just as the Maginot Line turned out to be an ineffective defense strategy for France when the Germans simply went around it, one line of defense for computer attacks can show the same results. At a minimum, smart businesses monitor what is coming IN to their networks and desktop computers, what is already INSIDE, and what is going OUT. No one ever said running a business was fair, or easy.
Preparedness groups
Join Firestorm’s LinkedIn groups and help build a Culture of Preparedness for your family and organization:
DISASTER READY PEOPLE: http://www.linkedin.com/groups?gid=1914314&trk=myg_ugrp_ovr
WORKPLACE VIOLENCE: http://www.linkedin.com/groups?gid=1898572&trk=myg_ugrp_ovr
COMMUNICABLE ILLNESS: http://www.linkedin.com/groups?gid=1899278&trk=myg_ugrp_ovr
SWINE FLU: http://www.linkedin.com/groups?gid=1921222&trk=myg_ugrp_ovr
|
•
del.icio.us
digg
facebook