Cynthia Taylor, CC
In the wake of the 18th anniversary of Hurricane Katrina, Hurricane
Idalia’s strike on Florida and Georgia, and Hurricane Lee in the
Atlantic, we start September,
National Preparedness Month
in the United States. September 10th is the peak of Hurricane season
with the busiest times running from mid-August to mid-October. It’s
during these times we have to understand that maintaining business
continuity is paramount for Cybersecurity and core to availability
within the CIA triad.
Having vertically evacuated downtown New Orleans for Hurricane Katrina, I personally witnessed how everything can go wrong–from failed levees to cell towers. This is why pre-planning is necessary, assessing various risks and scenarios, and continuously improving.
In this article, we’ll discuss some main points to consider and compare them to real situations that happened during Hurricane Katrina.
Step 1 - Create a Plan
Due to power loss and flooding from the hurricane, many base stations went out causing all cell signals in the area to disappear. Soon only pay phones had power and signal. Setting a communication plan in place prior to a disaster event can help you assist your employees and help your business recover quicker. You may want to look at how the Cybersecurity and Infrastructure Security Agency (CISA) handles emergency communications as a model.
Ready.gov offers information regarding the storm season in multiple languages and includes details on how to create an emergency plan . You can also look into how the Federal Emergency Management Agency (FEMA) prepares for Hurricane season , their recommendations , and potentially take their course .
Step 2 - Reviewing all Risks
Many businesses had difficulty recovering after the storm due to a
variety of challenges, including cases where the entire properties were
swept out to sea along the gulf coast of Mississippi and Alabama.
Examining best and worst-case scenarios can help you figure out what
programs to put in place, insurance that’s needed, and your recovery
time after the event.
If you’d like to incorporate table-top exercises at your organization, CISA offers a variety of physical security scenarios that you can try. Also, consider giving employees security awareness training around potential post-storm scams that can occur.
Step 3 - Open to Improvement
Even though this storm season is almost at an end, look into putting
together a plan for next year. There are always opportunities to enhance
your operations after a major incident. The City of New Orleans worked
on strengthening its levee system after the storm.
CISA currently looks at “extreme weather threats”
and their potential impact on critical infrastructure. You may want to
harden your infrastructure to withstand flooding and heavy winds. Take a
look at CISA’s information regarding
A lot of what we covered is foundational knowledge, but important to have in place. My family was very fortunate to be able to drive out of downtown New Orleans with a car that someone had siphoned the gas out of. We now have a more comprehensive plan of action when Hurricane season comes. You should evaluate what would be best for your organization should the time come.
Cynthia Taylor, CC has over 10 years of experience in IT. She graduated with her Masters in Cybersecurity and Information Assurance from Western Governors University in 2022. She currently works in Application Security and Vulnerability Management in the Aviation Industry.