There’s been a lot in the news recently about the vulnerability of the electric power grid in the United States. Last month’s incident in which a severed transmission line in Maryland cut power to much of Washington came on the heels of a March USA Today report about “bracing for a big power grid attack.” That report spotlighted a coordinated attack in April 2013 on Pacific Gas & Electric’s Metcalf substation in California, which resulted in $15 million in damage to its fiber-optic lines and transformers.
“The country’s aging power grid leaves millions vulnerable and could have devastating consequences for not only everyday Americans, but some of the nation’s largest enterprises,” said Robert DiLossi, director of crisis management at Sungard Availability Services, a cloud computing, disaster recovery, and managed hosting services provider in Wayne, Pa. In a recent email interview, DiLossi shared some enlightening tips for CIOs and other IT leaders on how to prepare for an attack on the power grid.
“Increasingly, chief information officers and security leaders at enterprises are turning to resiliency plans to mitigate the impact of any attempt or success at hacking into their IT systems,” DiLossi said. “They are considering or employing several defenses in the event an attack strikes the nation’s power grid.”
DiLossi said these defenses include recovery testing, which involves assessing current business continuity plans and adjusting them where needed. He noted that Sungard, for example, employs a 12-week cycle in assisting customers with disaster-recovery planning. He noted that the customer’s employees who would actually be involved in a disaster take part in the testing, so as to create a realistic experience. DiLossi said the program determines how often testing should occur, which is preferably twice a year.
Another defense, DiLossi said, is crisis planning, which includes helping customers plan and prepare for a disaster by monitoring weather across the country and obtaining and grasping cybersecurity intelligence gleaned by a number of private and government agencies. In this context, DiLossi suggested that companies:
- Prepare their defenses through building timelines, addressing critical trigger points, and emphasizing the importance of maintaining their disaster-recovery plans.
- Consider their telecommuting and work strategies, focus on internal resource planning, and ensure appropriate workgroup space is lined up should a disaster occur.
- Create mobile recovery units to provide an IT workspace should their space be impacted during or after a disaster. These units help companies remain operational through the recovery stage, as they did during several hurricanes.
DiLossi suggested that CIOs consider what companies learned in April 2003, when a power blackout in the Cleveland area spread to become the biggest in U.S. history. He said the lessons they learned can apply to preparing for an attack on the power grid:
- Test your disaster-recovery plans regularly—at least once and preferably twice a year—with disaster simulations, to keep the plans ready and on the cutting edge.
- Establish a “metrocenter,” which is a recreated office and dedicated workspace away from their offices where employees can be up and running within minutes.
- Upgrade backup systems.
- Establish contingency plans for backup generators to be used for operations other than treating patients.
- Set up delivery contracts with vendors that can supply bottled water and other essential supplies during the blackout. Prepare “go to war” boxes with batteries, flashlights, extension cords, and other emergency gear, and assign specific employees to retrieve these supplies and distribute them.
A contributing writer on IT management and career topics with IT Business Edge since 2009, Don Tennant began his technology journalism career in 1990 in Hong Kong, where he served as editor of the Hong Kong edition of Computerworld. After returning to the U.S. in 2000, he became Editor in Chief of the U.S. edition of Computerworld, and later assumed the editorial directorship of Computerworld and InfoWorld. Don was presented with the 2007 Timothy White Award for Editorial Integrity by American Business Media, and he is a recipient of the Jesse H. Neal National Business Journalism Award for editorial excellence in news coverage. Follow him on Twitter @dontennant.