Go to Admin » Appearance » Widgets » and move Gabfire Widget: Social into that MastheadOverlay zone
The views expressed are those of the author and do not necessarily reflect the views of ASPA as an organization.
By Iberkis Faltas
February 19, 2016
The role of cyber security in emergency management is a broad topic that requires intense situational awareness training. Cyber security in emergency management is possible thanks to the collaborative effort of the public and private sectors, government agencies (federal, state, local, tribal and territorial government agencies), nonprofit organizations and partnership with the communities. Thanks to the collaborative efforts of the communities, the Department of Homeland Security (DHS) strategized the National Infrastructure Protection Plan (NIPP). It outlines the country’s strategic and operational efforts to prevent, disrupt and buoy the nation’s emergency management plan.
According to Franke & Brynielsson, the role of cyber security depends on all the previous principles plus policies, regulations and the ability to enhance operational responses. One of the most important roles of cyber security in emergency management is to provide organizational situational awareness. Government strategies and the emergency management plan represent the “big” picture. Franke & Brynielsson also assert that when the connecting interoperability between cyber security and emergency management is operating in dysfunctional awareness, lives are in danger.
The role of cyber security in emergency management should focus on the responsibility of the communities to build proactive and resilient collaborative and communicative strategies to stop threats proactively, determine vulnerabilities and build resilience from natural and man-made disasters. In 2006, DHS and the Federal Emergency Management Agency (FEMA) focused their attention on the nation’s 16 critical infrastructure sectors. The purpose of the plan was to reduce vulnerabilities, signifying effective emergency management strategies must be strategically constructed based on eight industry-focused principles: comprehensive, progressive, risk-driven, integrated, collaborative, coordinated, flexible and professionals.
Cyber security awareness helps emergency management disrupt two important operational threats. One is vulnerability associated with intended or unintended insiders’ threats due to the lack of preparedness. The second threat is associated with the damages to an organization’s systems that could go unnoticed until a critical situation forces the recovery of the systems. Emergency management and cyber security most work together. They must coordinate and provide the organization’s personnel training, awareness plans, visualization, prevention resilience and operational procedures to the organization’s personnel.
Within the government, Executive Order 13636 encourages organizations to be efficient, innovative and risk-analysis-driven in their approaches to cyber security infrastructure. In fact, NIPP (2013) outlines the nation’s strategies to reduce possible vulnerabilities affecting critical infrastructure resources at all levels of governance, recommending increasing security risks analysis and reducing vulnerabilities. Collier and Lakoff studied cyber security threats as the result of risen contemporary societies and modern technologies. In the 20th century, natural disaster, domestic and international socio-economic stressors, domestic and international terrorism, transmitted pandemic diseases and cyber war were problems of the government. Now, with the advance of technology, the growth of multiculturalism and the burden of threats influencing social dysfunctionalism, those problems concern all citizens, organizations and social-political nuclei in our society.
What is deemed a critical infrastructure issue for the government is a critical problem for any organization’s cyber security and emergency management team. Therefore, it should be treated as such. Organizations should start by establishing policies and regulations focused on preventing cyber security vulnerabilities, enabling interdependent systems to minimize interlinked damage resulting from emergencies. A contingency plan involving every single person in the organization should be in place. Natural and man-made disasters, insider threats, technical accidents, international and domestic terrorism and “hacktivism” are only a few of the issues that could affect an organization. All plans and strategies must be documented and upgraded periodically. The NIPP (2013) recommended strategies that “identify, deter, detect, disrupt and prepare for all threats and hazards.”
Cyber security and emergency management strategies should also include protecting the organization’s assets. The role of cyber security teams is to strengthen already implemented strategic plans and principles. They must focus on detecting and mitigating gaps and vulnerabilities in the systems. The organization’s data include the organization’s assets and values. It is the responsibility of the cyber security team, along with emergency management strategies, to implement the following:
Author: Iberkis Faltas, MA, PMP, is a doctoral candidate in public policy & administration. Email: [email protected]