Showing posts with label Cyber Storm. Show all posts
Showing posts with label Cyber Storm. Show all posts

April 18, 2008

Disaster Preparedness and Enterprise Architecture

There are several disaster preparedness exercises that test and train our government and private sector partners’ ability to respond to incidents that could have catastrophic consequences. These exercises can be supported by a robust enterprise architecture; here is a brief description followed by a sketch of how EA can support disaster preparedness.


“Top Officials (TOPOFF) is the nation’s premier terrorism preparedness exercise, involving top officials at every level of government, as well as representatives from the international community and private sector. Thousands of federal, state, territorial, and local officials engage in various activities as part of a robust, full-scale simulated response to a multi-faceted threat.” [Exercises have tested responses to chemical, biological, and radiological attacks.]


Cyber Storm

“The U.S. Department of Homeland Security’s (DHS) National Cyber Security Division (NCSD) successfully executed Cyber Storm, the first national cyber exercise Feb. 6 thru Feb. 10, 2006 [and a second biennial exercise was conducted in March 2008]. The exercise was the first government-led, full-scale cyber security exercise of its kind…Cyber Storm was designed to test communications, policies and procedures in response to various cyber attacks and to identify where further planning and process improvements are needed.”


Government Computer News, 14 April 2008 reports on the Cyber Storm II exercise in which DHS “hosted federal, state, local, and international government agencies along with more than 40 private-sector companies” in these “high-stakes war games.”

Carl Banzhoff, the vice president and chief technology evangelist at McAfee summed it up as follows: “when the internet burns to the ground, how are you going to get updates?”

The goal was to test communication coordination and partnerships across sectors.”

Bob Dix, the vice president of government affairs at Juniper Networks said that “the greatest impediment to sharing information still is trust.”

Whether the preparedness tests are for terrorism or cyber security, the essence is to test our ability in preparing, preventing, responding, and recovering from security incidents. This involves building capability for uninterrupted communications, information sharing, and coordinated response.

How can enterprise architecture support disaster preparedness?

  1. Requirements—EA can capture strategic, high-level requirements from mission areas across the many functional areas of homeland security and weave these into a core map of capabilities to build to. For example, we have a requirement for system security that is mandated by law and policy, and securing our communications and infrastructure is a core capability for our information systems that must be executed. The weakest link in security has the potential to jeopardize all components and their response capability.
  2. Planning—EA analyzes problem areas and uncovers gaps, redundancies, inefficiencies, and opportunities and uses these to drive business process improvement, reengineering, and the introduction of new technologies. Improved business processes and enabling technologies can enable integration, interoperability, standardization, modernization, and information sharing that can enable a better prepared homeland security infrastructure. For example, identifying shared mission communities and building information sharing and collaboration among stakeholders in these improves our preparedness abilities.
  3. Governance—EA brings the various stakeholders to the table to vet decisions and ensure sound business process improvement and IT investments. Governance involves sharing information, building trust, and making decisions towards a unified way forward. For example, through the DHS Enterprise Architecture Board (EAB), the CIOs of all components can collaborate and engage in developing targets that will lead to implementation of best practices and standards across the Department that will improve overall efficiency of all components.

Of course, EA is not the be-all and end-all for preparedness, but it provides critical elements of requirements management, planning, and governance that contributes to disaster preparedness.