Cynthia Taylor, CC
In the wake of the 18th anniversary of Hurricane Katrina, Hurricane
Idalia’s strike on Florida and Georgia, and Hurricane Lee in the
Atlantic, we start September,
National Preparedness Month
in the United States. September 10th is the peak of Hurricane season
with the busiest times running from mid-August to mid-October. It’s
during these times we have to understand that maintaining business
continuity is paramount for Cybersecurity and core to availability
within the CIA triad.
Having vertically evacuated downtown New Orleans for Hurricane Katrina,
I personally witnessed how everything can go wrong–from failed levees to
cell towers. This is why pre-planning is necessary, assessing various
risks and scenarios, and continuously improving.
In this article, we’ll discuss some main points to consider and compare
them to real situations that happened during Hurricane Katrina.
Step 1 - Create a Plan
Due to power loss and flooding from the hurricane, many base stations
went out causing all cell signals in the area to disappear. Soon only
pay phones had power and signal. Setting a communication plan in place
prior to a disaster event can help you assist your employees and help
your business recover quicker. You may want to look at how the
Cybersecurity and Infrastructure Security Agency (CISA)
handles emergency communications
as a model.
Ready.gov offers information regarding the storm season in multiple
languages and includes details on
how to create an emergency plan
. You can also look into how the Federal Emergency Management Agency
(FEMA)
prepares for Hurricane season
,
their recommendations
, and potentially
take their course
.
Step 2 - Reviewing all Risks
Many businesses had difficulty recovering after the storm due to a
variety of challenges, including cases where the entire properties were
swept out to sea along the gulf coast of Mississippi and Alabama.
Examining best and worst-case scenarios can help you figure out what
programs to put in place, insurance that’s needed, and your recovery
time after the event.
If you’d like to incorporate table-top exercises at your organization,
CISA offers a variety of
physical security scenarios
that you can try. Also, consider giving employees security awareness
training around
potential post-storm scams
that can occur.
Step 3 - Open to Improvement
Even though this storm season is almost at an end, look into putting
together a plan for next year. There are always opportunities to enhance
your operations after a major incident. The City of New Orleans worked
on strengthening its levee system after the storm.
CISA currently looks at “extreme weather threats”
and their potential impact on critical infrastructure. You may want to
harden your infrastructure to withstand flooding and heavy winds. Take a
look at CISA’s information regarding
resilience services
.
A lot of what we covered is foundational knowledge, but important to
have in place. My family was very fortunate to be able to drive out of
downtown New Orleans with a car that someone had siphoned the gas out
of. We now have a more comprehensive plan of action when Hurricane
season comes. You should evaluate what would be best for your
organization should the time come.
Cynthia Taylor, CC has over 10 years of experience in IT. She graduated
with her Masters in Cybersecurity and Information Assurance from Western
Governors University in 2022. She currently works in Application
Security and Vulnerability Management in the Aviation Industry.