Home page logo

isn logo Information Security News mailing list archives

Y2K plans aided in recovery, but more planning needed
From: InfoSec News <isn () c4i org>
Date: Fri, 21 Sep 2001 02:41:32 -0500 (CDT)


September 19, 2001

The $5 billion that Wall Street spent to address the Y2k problem is
now paying off with last week's terrorist attack on New York's
financial district, IT managers said. But there have been other
issues, from communications to personnel management, that in many
cases were never considered in past disaster planning, experts said.

Gregor Bailar, CIO at the National Association of Securities Dealers
Inc., Nasdaq's Washington-based parent company, said he was glad the
Y2k planning gave his company the chance to rehearse a disaster before
last week's devastation. .

Nasdaq's Liberty Plaza offices weren't seriously damaged by the
collapse of the World Trade Center only hundreds of feet away, but
power and normal communications were cut off to the building, and
around 200 Nasdaq employees were relocated to the company's
headquarters in Connecticut and to an alternate office in New Jersey
provided by WorldCom Inc.

"We've got staff that's been here pretty much since the disaster
occurred," Bailar said yesterday. "And it's been critical to have
[communications] with senior managers. My pager was smashed in the
evacuation of the market site...but I had communications with them
through our crisis [telephone] line."

It's been an exhausting week for IT managers and workers who have been
splicing back together or rerouting the spaghetti of data and voice
wires that were cut or overloaded with traffic after the attacks on
the World Trade Center, which took out a major Verizon switching
station that served millions of customers. Cellular phone
communications were also hampered by the overload of calls last week.

John McCarthy, former deputy director of the National Y2k Information
Coordination Center in Washington, said if not for Y2k planning, the
financial services community wouldn't have been as well prepared for
last week's attack as it was.

Y2k brought the concepts of continuity management and risk planning
out of the "trenches where IT folks were" and into the boardroom. With
continuity management, companies take a close look at their staff,
processes, technology and information and what areas would be
vulnerable in various disaster scenarios.

The devastation from last Tuesday's terrorist attack created a new
benchmark in disaster planning and has probably changed the direction
of disaster planning discussions in the coming weeks and months.

"If I'd gone into a company and said I want you to pay for a
contingency plan for two planes crashing into your building...they
would have told me no thanks," said McCarthy, now a senior manager in
risk management at McLean, Va.-based KPMG Consulting Inc.

Some companies found their resources were strained when they simply
tried to determine how many and which of their employees had been lost
to the destruction. Managing IT workers who weren't physically harmed
in the attacks was also a trying task, IT managers said.

"It's been a tragic, emotional event with the country at war," said
Bailar. "The pain and exhaustion that comes from that alone was quite
different, but the coordination and precision involved in what we're
doing almost distracts you from that. We know what we have to do, and
we're doing it. I'm very proud of the team and the industry."

Cynthia Bonnette, assistant director of the Federal Deposit Insurance
Corp.'s Bank Technology Group, said one lesson she learned from the
attacks is that the reactions of employees need to be addressed more
thoroughly in disaster planning.

Bonnette said one area that's not often taken into consideration is
the panic factor, which creates "all types of confusion and problems
with communications."

"That's where including personnel planning is important. If you can't
reach key people, or certain phone systems aren't working, what would
you do?... Also, if certain individuals are not around, who'd be the
next person to go to?" she said. "A lot of the little details will
perhaps come out of this experience."

ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

  By Date           By Thread  

Current thread:
  • Y2K plans aided in recovery, but more planning needed InfoSec News (Sep 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]