By using this website you allow us to place cookies on your computer. Please read our Privacy Policy for more details.

Homeland Security - Reducing the Vulnerability of Public and Private Information Infrastructures to Terrorism: An Overview

View Publication


 

Publication Date: December 2002

Publisher: Library of Congress. Congressional Research Service

Author(s):

Research Area: Economics; Government

Type:

Abstract:

This report assesses the impact of the September 11, 2001 attacks on public and private information infrastructures in the context of critical infrastructure protection, continuity of operations (COOP) planning, and homeland security. Analysis of the effects of the terrorist attacks suggests various "lessons learned." These lessons support three general principles. The first principle emphasizes the establishment and practice of comprehensive continuity and recovery plans. One lesson learned in this area is to augment disaster recovery plans. Businesses and agencies, who now must consider the possibility of complete destruction and loss of a building, may need to augment their disaster recovery plans to include the movement of people, the rapid acquisition of equipment and furniture, network connectivity, adequate workspace, and more. A corollary to this lesson learned is the need to assure that recovery procedures are well documented and safeguarded so that they can be fully utilized when necessary. A second lesson is the need to back up data and applications. Without a comprehensive backup system that captures more than just an organization's data files, a significant amount of time can be lost trying to recreate applications, organize data, and reestablish user access. A corollary to this lesson learned is the need to fully and regularly test backup sites and media to ensure their reliability and functionality.

The second principle focuses on the decentralization of operations and the effectiveness of distributed communications. The lesson of decentralizing operations can be applied to the structure and location of an organization's operations. Industry experts suggest recovery sites be located at least 20-50 miles away form the primary work site. In addition, some observers suggest that human resources should also be located in more than one place to reduce the potential for losing a significant portion of one's workforce in a single event. Another lesson in this area is to ensure the ability to communicate with internal and external constituencies. In the event of an emergency, the demand for information skyrockets. An organization not only needs to communicate with employees regarding actions and procedures, but also with the citizens and customers to whom it is responsible for providing goods and services.

The third principle involves the institutionalization of system redundancies to eliminate single points of weakness. In this context, the lesson of employing redundant service providers is applied primarily to telecommunications services. In the event a central switching station is disabled, having multiple providers using different infrastructures for access can reduce the possibility of an organization losing its communications services and being unable to carry out its responsibilities. Another related lesson learned is the use of generic replaceable technology. In the event of a catastrophe, the ability to replace equipment quickly with easy-to-find products that do not require comprehensive customization, can contribute significantly to how quickly an organization's operations can be functional again. This report will be updated as events recommend.