Posted by: David Schneier
bcp, business continuity planning, pandemic, Regulatory Compliance
I wanted to post a quick update regarding the looming threat of a true pandemic event courtesy of the swine flu.
In the past forty-eight hours I’ve had conversations with three separate clients in which the subject of their pandemic response plans were discussed. Mind you the initial reasons for these conversations were completely unrelated to this hot news item but its on my mind and I would be remiss to pass on the opportunity to dig a little.
All three clients, all three, had no idea if their pandemic plan would work (one wasn’t even sure they had one). Two of them discussed how they had a mobile work force to begin with and it wouldn’t be a big problem to have everyone dialing in. To which I asked if they had ever tested their networks capabilities to handle everyone dialing in literally at the same time; the answer was no. Then I asked about some of their critical business functions that couldn’t be managed remotely, how would that be addressed if a general quarantine is declared; they weren’t sure. The third client had a very small remote work force where more than eighty-percent of their users relied on desktops during the business day. If their employees couldn’t make it to the office due to a pandemic event they pretty much were shut down for the duration. And in their industry that’s just simply not allowed. Their strategy has always been that only senior management and technology team members required a laptop and could manage issues remotely should they occur. But they never anticipated having an issue like this.
One of the clients was dismissive of my concerns that a general quarantine could be declared; “never happen” was the comment. So when I awoke this morning to news that President Obama is alerting schools to prepare for the possibility that classes will be suspended during this event I cringed. Typically I indulge in a bit of smugness when I’m right but not so much this time. This time I’m feeling a knot in my stomach.
I have concerns that in general our infrastructure is ill-prepared to handle a sudden and dramatic rush to using our telecom capabilities to run America remotely. I have further concerns that too many companies are going to be figuring out what to do by the seat of their pants. Some are small enough where that’s possible but many are way too big and would require advanced planning which now appears to be near impossible to get done.
I’m still not convinced that this threat is any greater than any other flu outbreak we’ve seen but I am concerned how we’re going to be able to respond (or rather not respond).
And as if though this isn’t a juicy enough story for me, the first confirmed fatality in the US from the swine flu was announced today. A toddler from Mexico was found to have had the swine flu; he passed away in a hospital in Houston. Guess where I am this week?