SUBSCRIBE TO BIG MED AT THE BIG MED SITE ON GOOGLE GROUPS.
Tuesday November 10, 2009
| AMERICAS | OCEANIA | EUROPE | MIDDLE EAST | ASIA | POLITICS | BUSINESS | RESEARCH | EDUCATION | WORKFORCE |
Big Medicine is published by Team EMS Inc.
Managing Editor
Contact: ideas@tems.ca
Views
Contributor Emeritus
Tools
Stop Violence Against Women & Girls
The views expressed here reflect the views of the authors alone, and do not necessarily reflect the views of any of their organizations. In particular, the views expressed here do not necessarily reflect those of Big Medicine, nor any member of Team EMS Inc.
VIEWS: IN FOCUS
Tyson Macaulay, CISA, CISSP, Hon BA
E:
Tyson.macaulay@bell.ca
T 613 292 9132
[1028 Ottawa ON]
Summary
Teleworking, as a core form of “social distancing”, is at the centre of pandemic response and risk management strategies for most organizations. Therefore pandemic response for most organizations relies on information and communication technology (ICT) infrastructure. These strategies are subject to a set of cascading threats and risks associated with service-degradation in help desks, voice messaging, telephony services, internet services and ultimately information assets.
This paper starts by illustrating four potential stages of impact which may occur in a domino-like sequence once a pandemic response has been activated. We then proceed to discuss a total of thirty-three sample controls which might be employed to mitigate the risk to ICT and information assets. Sample controls are grouped as management controls (ie, policy, contracting and risk transfer), operational (ie, procedures, standards) and technical (ie, ICT hardware, software or configuration) as summarized in the table below.
| Management controls | Operational controls | Technical controls | |
| Stage 1 impact [Help desk and Voice mail degradation] |
1. Financial authority and delegation policy update 2. Remote Access enrolment policy update 3. Personal communication devices policy 4. Policy on temporary or retired support staff 5. Flex-hours and vacation postponement policy 6. Mandatory cross-training policy |
7. Fastrack procurement 8. Fastrack remote access enrolment procedures 9. Social distancing 10. Batch processing procedures 11. Voice messaging conservation 12. Procedures enrolment of for temporary, retired staff or part-time staff 13. Best effort support on non-standard platforms |
14. Virtual Call Centres 15. Wireless mesh networking infrastructure |
|
Stage 2 impact (Internet Degradation) |
16. User prioritization policy 17. Application prioritization policy |
18. User Prioritization procedures 19. Application prioritization procedures |
20. SSL VPN deployment 21. Wireless Broadband 22. De-optimize web services |
|
Stage 3 impact (Telephony Degradation) |
23. Supplier and partner prioritization policy |
24. Supplier and partner prioritization procedures |
25. Switch re-direct 26. Virtual call transfer 27. Virtual queuing 28. Call overflow 29. Voice conferencing services |
|
Stage 4 impact (Information Asset Compromise) |
30.
On-line public 32. User classification |
33. On-line collaboration white lists, education and awareness 34. Counterparty audit |
35. Private on-line collaboration portals 36. Upstream Security and carrier-grade intelligence |
Intended Audience
This paper is intended for information technology and telephony executives and risk and security managers. The level of discussion is intended to provide management-level guidance, but assumes a knowledge of risk and security management processes. This paper may also be of interest to those auditing and assessing operational risk management either on a internal basis or as an independent third-party.
Introduction
Based on reports from the southern hemisphere’s winter of
2009 the pandemic threat is
not hypothetical, but many of response strategies which organizations
(nominally) intend to deploy are hypothetical and supported by
unsubstantiated assumptions about critical infrastructure.
The primary assumption underlying many pandemic response
plans is that information
and communications technology (ICT) will enable remote collaboration and
telework, allowing first responders, people from their support-areas and
other critical infrastructure sectors to keep working from remote locations.
Thus, allowing them to stay home to care for loved ones who may be sick and
/ or isolate themselves from potential infection.
While the ICT resources to support first responders (two-way
radios, mobile messaging
and phones, information sharing protocols) is largely in place and used on a
day to day
basis, the same cannot be said for the ICT resources supporting first
responders (for
example management and administration, IM/IS, logistics, facilities
maintenance) and
most organizations generally. The assumptions associated with ICT and
teleworking warrant scrutiny and investigation because they present threats
that may negatively
impact pandemic response management.
When it comes to pandemic response, most organizations have a limited picture of how a sudden shift to telework will affect their infrastructures and how to manage this change. Going beyond these impact, the organization will also experience cascading affects on partners, suppliers, clients and regulators, which are often beyond the event horizon of most planners dealing with pandemic response.
Methodology
This work has been developed through a process of interview and consultation with frontline pandemic-response professionals (medical/police/EMS), their support organizations and critical infrastructure operators generally. The interviews and consultations occurred between June and August of 2009.
Many of the controls in this paper are drawn from security
and risk standards such as ISO 27002 (Information Security Techniques) or
ISO 27036 (Security of outsourcing);
however, a direct mapping has not been undertaken because ISO standards are
threat neutral while this paper is built to address the specific threat of
pandemic flu.
Objectives
As the first goal of this paper we seek to provide insight into the technological threats to pandemic-response and the resulting organizational risks. We consider these threats in the context of telework as a central mitigation strategy for many organizations seeking to maintain operations. Telework itself is not a threat, but a sudden or even rapid migration to teleworking by a substantial proportion of the workforce can have un-anticipated effects.
The second goal of this paper is to present a variety of sample controls and safeguards which can lessen the technological threats and risks to pandemic response. These controls and safeguards have been designed for rapid deployment either proactively or reactively within days. The controls and safeguards will be discussed using the taxonomy of the National Institute of Standards and Technology (NIST): management controls, operational controls and technical controls (NIST 800-53)i.
All discussion will be undertaken in a vendor-neutral, agnostic manner so as to allow risk managers and executives to formulate and update their emergency management strategies using whichever vendor or service provider is best able to address their needs.
Pandemic response and ICT
Much of the focus on ICT to date has been on the resilience of resources
supporting first responders such as front-line heath workers, police,
emergency operations centres and certain government agencies. However, first
responders are entirely dependent on support from not only behind-the-scenes
support staff in their own organizations, but also other critical
infrastructure sectors such as telecommunications, finance, energy, food,
water, transportation, and specific forms of manufacturing. The ability of
these support staff and industries to remain functional during pandemic
response will be directly proportional to the assurance of their ICT
strategies, plans and infrastructures which support telework.
This section will first describe a typical ICT reference infrastructure from
a telework
perspective, and then outline a likely series of cascading impact-stages
which will effect an unprepared organization.
Enterprise ICT under normal conditions
ICT in typical organizations is designed and maintained for assurance under
normal
operating conditions, not crisis conditions. To the extent that some
organization design
ICT for crisis conditions the focus is on kinetic impacts, which require ICT
services be
rapidly redeployed to alternate locations – but to support otherwise normal
demands.
As we know, pandemic
response is about abnormal demands upon, not loss of, ICT
infrastructure. Since provisioning for this sort of crisis essentially
requires redundant
investments which will not support “classic” business continuity (fall-over
to alternate
sites) it is a form of preparedness rarely undertaken.
Figure 1 is a reference telework architecture for a sample organization. Two
primary ICT interfaces to the organization are show: an telephony interface
supporting voice and modem traffic, and an internet connection. These are
shared interfaces, not dedicated to internal employees or contractors. Other
users will include: partners, such as R&D partners, equity owners,
sister-organizations; clients for the goods or services produced by the
organization; suppliers of production inputs – both goods such as industrial
gases or parts, and a wide range of services such as accounting and payroll,
transport and logistics, catering, product support or even security
monitoring; and finally regulators from one or possible all three levels of
government (federal, provincial/state or municipal/city). Also depicted is a
simple security zone architecture where internet-facing resources are placed
within a demilitarized zone (DMZ), an applications zone used for services
available from the internet and internally, and finally an internal zone for
users and higher security applications. Note that a Help Desk is also
indicated, working from the assumption that internal users are supported by
internal staff. (Larger organizations may outsource ICT Help Desk functions,
in which instance it becomes a “Supplier” relationship.)
Pandemic scenario
This scenario has been developed using projections related to a H1N1 swine flu in North American in late summer 2009. For the purposes of this paper, there is no single, primary source of information offering an information set to completely describe a scenario; for instance, projections and metrics vary from source to source, as do the definitions used to frame the projected environments. Therefore we have drawn on multiple sources of information related to infection rates, reporting rates, mortality/morbidity rates and absenteeism to generate as plausible a scenario as possible. All sources are cited.
The following series of cascading ICT impacts is projected to occur where
a highly contagious viral infection, such as swine flu, is approaching
emergency proportions. Public authorities are projecting H1N1 infections
rates of 20% to 40% of the population over 2 years ii. Based on past
evidence from other infection diseases, those actually reporting infections
may be as little 0.1% of those infected iii. Therefore most people recover
without specific treatment; however, of those reporting, and using current
information from the U.S. CDC as a guideline, mortality for H1N1 is 0.6% of
those
experiencing serious enough effects to report iv and 6% of those
hospitalized v.
Finally, in our scenario, large public gatherings (movies, sport games, house parties) have just been officially discouraged by government bodies, and government workers are encouraged to telework. Parents, fearful of sending children to school, are sending student absentee rates above 20% or more. At this point, organizations in all parts of the country and economy may start to enter a pandemic response posture.
Pandemic ICT impact stages
The following stages will not appear in the same order in all organizations. Additionally, impacts not envisioned in this discussion are highly probable. This discussion is intended to posses a moderate level of detail, relying on professional risk managers with specific knowledge of individual organizations to fill in the blanks. As mentioned previously, we have targeted this discussion on the ICT infrastructure used by both first-responders, their support staff and other critical infrastructure entities; specific communications tools used largely or exclusively by first responders such as two-way radios are not considered in scope for this discussion.
Stage 1: Help Desk and Voice Mail degradation
Prior to stage one, and organization is operating under normal conditions. The transition from normal conditions to stage one impacts occurs at the onset of pandemic response and the implementation of telework strategies for as many staff as possible, or as absenteeism rapidly increases as workers become either sick (in which case they will not be employing telework) or afraid to come into work or must care for family members (in which cases they may be able to telework).
Figure 2 illustrates the first ICT impacts to be felt once a typical pandemic response strategy based in part upon telework is enacted. While many users are potentially capable of telework, many will never have enrolled for remote access to telework resources, or will encounter technical difficulties with the installation or configuration of the software elements.
Using findings related to Canadians workers as a guide, a normal organization with regular teleworking will have been 4% of the workforce teleworking and therefore employing remote access resources on a daily basisvi. A surge of telework demand to between 20% and 60% of the workforce (depending on the industry) seeking around the clock access to ICT resources rapidly overwhelms the ability of the Help Desk to enable and support users. Similarly, Help Desk workers themselves will be impacted by either sickness, fear or family responsibilities that increase their absenteeism at a time of critical need.
The Help Desk situation will be immediately apparent and a direct and virtually simultaneous result will be a fall-back to voice mail messaging to remain in communication with co-workers. A default configuration from a leading voice mail system maker has a relatively limited amount of capacity at 7 minutes per mail box vii. Under pandemic response conditions with 20% to 60% of the work force trying to maintain communications with each other, voicemail systems will probably be severely under provisioned both in terms of the message storage capacity and the ability to support concurrent users.
Stage 2: Internet degradation
Prior to stage two, an organization is operating under pandemic response conditions but has a seriously degraded if not disabled Help Desk and Voice Mail system. Between 20% and 60% of staff are absent from work and a significant proportion of these are eligible and trying to engage in telework in order to maintain service delivery or production.
Figure 3 illustrates the initial cascading ICT impact to be felt once a typical pandemic response strategy based in part upon telework is enacted. Despite the fact that the Help Desk has degraded capabilities, users will still be gradually enabled for remote access as this will be a focus of support.
All users will be accessing telework resources on a constant basis and probably login and hold applications and accounts open for the entire work day and probably longer. Given that the Internet connection was probably engineered to support a concurrent maximum of 5% of workers, bandwidth will be rapidly exhausted. Similarly, much of the usage will occur during working hours when partners, clients, suppliers and regulators are simultaneously trying to get information to and from the organization to support the pandemic response effort. As a result the organization will inflict what amounts to a distributed denial of service attack upon itself through rapid dispersion staff.
Stage 3: Telephony degradation
Prior to stage three, an organization is operating under
pandemic response conditions
with seriously degraded if not disabled Help Desk and Voice Mail system, and
Internet
connectivity has been overwhelmed by demand from stakeholders (teleworkers,
partners, clients, suppliers and regulators). Between 20% and 60% of staff
are absent from work and a significant proportion of these are eligible and
trying to engage in telework in order to maintain service delivery or
production.
At stage 3, Help Desk, Voice Mail, Telephony and Internet
Services are presumed
functional (versus total technical failure) but are operating at capacity
and unable to meet the levels of service required by the stakeholders, who
are all seeking other means to communicate with one another as a result of
the degraded service levels.
Figure 4 illustrates the third cascading ICT impact to be felt once a typical pandemic response strategy, based in part upon telework, is enacted; all stakeholders suffer significantly degraded (compared to what we are used to) inbound telephony and fax services. Outbound calls to the PSTN (public switched telephone network) would similarly be impacted as inbound calls used all available resources.
By stage three, essentially all information and
communications channels are degraded; some to the point of uselessness and
some remain usable but with frustrating and flawed quality of service. As a
direct result, workers will start using public domain
communications tools and portals for the management of internal information
and communication. From their homes or remote locations they will employ
personal webmail accounts, public chat (instant messaging) services, blogs,
personal web sites, public ftp and file-sharing servers and whatever else
they can effectively (but not securely) use to maintain communications and
support their organization. The direct result is elevated risk of compromise
(unauthorized disclosure, corruption/change, loss) of organization data or
data belonging to partners, clients, suppliers or regulators.
Stage 4: Information Asset compromise
In the fourth and final stage of ICT impact an organization is operating with seriously degraded if not disabled Help Desk, Voice Mail, Telephony and Internet services, while internal users are communicating with each other plus partners, clients, suppliers and regulators through publicly available, personal messaging and file sharing services.
Figure 5 illustrates the last cascading ICT impact to be felt once a typical pandemic response strategy, based in part upon telework, is enacted; compromise of information assets belonging not only to the organization, but to partners, clients, suppliers and possibly regulators. In stage 4, teleworkers have been driven to adopt ad hoc and arbitrary means of communicating using public services available on the Internet. For instance, personal email accounts which may or may not possess basic anti-virus and malware protection, or file-sharing services which harbour eavesdropping and interception technologies – basically, tools which simply make no warranties whatsoever. As a result, at least a small proportion of remote systems used by teleworkers are become compromised. These system compromises lead immediately to the compromise (disclosure, corruption, loss) of information assets belonging to any or all of the stakeholders. Shortly afterwards, given that remote access services are still operational through overwhelmed, the compromised systems will succeed in establishing a connection with internal systems and certain compromises such as malware will propagate through files or other means into the organization – bypassing perimeter security controls and compromising the entire information management system.
Timing and progression though impact stages
The speed of the cascading impacts will vary from organization to
organization, but it is likely that stage 4 – Information Asset Compromise –
could be reached within a single day for some organizations and probably a
mere matter of days for most organizations.
Pandemic ICT Remediation strategies
The second objective of this paper is the presentation of possible
remediation strategies for the various threats discussed in stages one to
four of ICT impact under pandemic response conditions. A range of
remediation tactics will be documented, from which risk managers and
executives can select the most appropriate tactics to form their overall
strategy.
The remediation tactics will organized using the following control classes as per NIST 800-53: Recommended Security Controls , namely Management, Operational and Technical.
Management controls consist first of basic decisions associated with overall
risk response which will be one of three options: treatment, transference or
acceptance. Treatment decisions related to management-level guidance related
to operational and technical controls that should be deployed. Transference
decisions generally related to contract terms and conditions, and / or
insurance, while acceptance is simply that: that risk is accepted without
any mitigation actions. Risks might be accepted for a very wide range of
reasons from cost to likelihood.
Operational controls consist of formally and well documented procedures, and
the testing and auditing of these procedures to ensure both that they are
being applied and that they conform with policy.
Technical controls consist of the hardware and software elements that
enforce the policies at granular levels. Technical controls are managed and
configured in accordance with the standards and practices defined by the
operational controls.
Finally, the implementation of a new management control does not immediately
require
that entirely new operational or technical controls must be created. Often
it is possible to re-task or tweak existing operational or technical
controls to satisfy new policy.
Alternately, policy can be something which is applied by users (employees,
contractors, partners, clients, suppliers), without necessitating
investments in operational procedures or technical controls. Similarly,
procedures can be adjusted within the bounds of existing policies to improve
assurance, using the same technical controls.
Stage 1 controls: Help Desk and Voice Mail degradation
The following controls can be tactically deployed in advance of the pandemic
response to manage the ICT threats described earlier.
Management controls
1. Financial authority and delegation: as the ICT threats escalate, managers at all levels of the organization need to know what, if any, resources are available to procure remediation solutions. Can they spend on emergency solutions? The answer to this question may become moot as the crisis escalates and solutions become a matter of life and death (personal or corporate), but precious time may be lost in the process of reaching the conclusion. In general, accounting centres and cost-codes should be established for the charging of ad hoc and emergency spending related to any emergency response – not necessarily just pandemic threat-response. These policies will support all future stages of ICT impacts associated with pandemic response.
2. Remote access enrolment policy update and reduced enrolment requirements
and
accept enrolment risks: Part of the Help Desk burden may be related to
enrolment
processes and the need to provision substantial technology such as 2 factor
authentication tokens. Temporarily reducing these requirements during
pandemic
response to speed enrolment and simplify deployment may be warranted. Such
reductions will invariably introduce new risks related to authentication and
regulatory compliance issues such as privacy or financial reporting.
Management
should actively consider if they are ready to accept these risks and
formulate a
position in advance of pandemic response. Similarly, a policy to temporarily
reduce enrolment requirements should be accompanied by a plan for cancelling
or
upgrading “emergency” accounts as soon as possible.
3. Personal communications devices such mobile and home phones should have clear terms-of-usage: It will inevitably occur that workers will use unofficial telephone numbers for official business once the voice mail system is degraded. Management can establish a temporary policy for the use of personal phone numbers, which includes guidance related to the retention of business-related voice messages and who in the home should be able to listen to these messages. For instance, the access code for the home voice mail should be temporarily changed or a new voice mail box should be added by a service provider – with costs to be reimbursed by the organization at a later date.
4. Temporary or retired staff are frequently recruited to fill in for absent
or sick workers. These staff will may be in a position to telework – however
their home infrastructure should be confirmed in advance and telephone
numbers neatly compiled into a single list for the purposes of seamless call
forwarding and management. (See Operational and technical controls below.)
5. Flex-hour can be
introduced to conserve scare ICT resources by spreading the loads over over
the day. For instance, staff which usually work standard hours may be broken
into teams, with different teams operating throughout the day with only a
few hours of overlap to aid communication.
6. Mandatory cross-training of staff – especially Help Desk staff – will significantly aid resilience and recovery. It is frequently the case in any ICT department that people specialize in tasks and systems. In the case of Help Desk and especially remote access systems and services, cross-training should be undertaken as proactively as possible to enlarge the number of individuals who can support remote access and reduce absenteeism risks associated with a typically small group.
Operational controls
7. Fast-track procurement processes for managing emergency procurement of pandemic mitigation solutions (ICT solutions and other) should be developed. These procedures will support all future stages of ICT impacts associated with pandemic response and other forms of emergency response.
8. Fast-track remote access enrolment and streamlined procedures, including
the conditions associated with the reduced enrolment requirements, for
implementation by Help Desk Staff.
9. Social distancing procedures for ICT and especially Help Desk staff,
including relocation to remote locations with all the necessary tools and
knowledge bases they
require to support users. Relocation will itself require ICT network
resources which may be addressed with some of the Technical controls to be
discussed. Alternately, re-configure working environments to disperse
on-site staff as widely as possible across the organizational venue; for
instance, convert outbuildings into office space for workers that need to
come to work for short durations but fear exposure.
10. Batch processing procedures for authentication and other services such as directories and databases, so that remote Help Desk staff can consolidate many changes for a single person to execute on-site if certain enrolment tools are not enabled for remote access – or remote access becomes degraded.
11. Voice mail conversation procedures reducing allowable message length to
conserve storage space, including training and instructions to staff
explaining the changes and the new limits. For instance, message limits of
30 seconds might be applied per caller, rather than allowing one or two long
messages to fill a voicemail box.
12. Temporary staff might be hired or retired staff re-activated to support
certain simple ICT support tasks, freeing more experienced or knowledgeable
full time staff to assume critical Help Desk or other functions.
13. Computing platforms (operating systems, software versions) are
frequently standardized in large organizations and support is restricted if
non-standard platforms and tools are used. Given the likelihood that
teleworkers users may be forced to employ whatever systems are available,
support for non-standard system on a best-effort basis could be sanctioned.
Technology controls
14. Subscribe to virtual call-centre technology from service providers that
allows for
internal calls to be seamlessly re-routed to mobile or domestic numbers.
Such services should allow Help Desk staff to login/out of the a
presence-aware application through either:
a. the internet , or
b. touch-tone telephone service using the PSTN (public switched telephone
network),
allowing them to change the number they are working from or to make
themselves available as their circumstances permit.
15. Deploy wireless mesh-networking technology to support re-configured work environment. Mesh networks use standard Wifi (802.11) network equipment which is easily integrated to any computer with a USB interface. Mesh networks can be deployed extremely rapidly and self-configure. All they require is a power source. Access to the organizational network is required for only one among potentially dozens of mesh devices; this single device will automatically and transparently provide network access to all the other mesh devices and may allow workers to near or enter their normal work location without the need to congregate within it.
Stage 2 controls: Internet degradation
The following controls can be tactically deployed as part of the pandemic
response in order to manage the ICT threats described earlier.
Management controls
16. User Prioritization is a management-level decision which can be applied to conserve scarce bandwidth. While all teleworkers play an important role in the organization, a variety of different policies can be put in place regarding who can get access, and when. For instance, teleworkers might be divided into “shifts” according to their division or even last name – and their accounts are only enabled during their allocated period. Alternately, certain critical or executive roles might have around the clock access and a higher bandwidth allowance applied to their account, if this feature is supported by the service provider or technical solution.
17. Application Prioritization is a policy-level control that management can
put in place to conserve internet bandwidth. Some applications and services
which teleworkers will try to use can be far more bandwidth intensive than
others; in many case it is possible use alternative, lower bandwidth
substitutions for applications. For instance, management may implement a
policy that SSL VPNs should only be used over IPSec VPNs which tend to
support “heavier” applications. Management needs to establish policies about
which “heavy” applications may be disabled during pandemic response. Access
technology policy prescriptions can be propagated defining which users may
user specific VPN technology for accessing remote services.
Operational controls
18. User Prioritization and network access control procedures: The
organizational networking groups are often in charge of remote services and
may be able to prioritize users and applications as part of the VPN feature
set;
19. Application prioritization and access control procedures. It may be that
remote access systems cannot effectively prioritize users or applications.
In this case the application owners may have to adjust account settings so
that only certain users can access the application at certain times, perhaps
even from certain locations.
Technical controls
20. SSL VPN (secure web portals) can be substantially less bandwidth intense
that IPSec based VPNs and the “heavy” or “fat” applications which will be
used to tunnel through an IPSec VPN. By making SSL VPN alternatives
available for critical applications like email, many more users can
potentially be supported using available bandwidth. For instance, an SSL VPN
supporting a web-based MS Outlook interface will consume anywhere from 50%
to 10% of the bandwidth of a IPSec-supported email session with an Exchange
server and an Outlook client viii.
21. Wireless Broadband and supplementary wireless bandwidth: there is “no
replacement for displacement” as the old muscle car saying goes. It may be
the case that despite rationing and moving to “lite” applications and
interfaces, there is still not enough bandwidth to satisfy a 5x to 15x
increase in teleworker demands, plus normal or greater demands for
suppliers, clients, partners and regulators. It may also be the case that
the current generation of VPN or applications cannot be reconfigured to
ration resources in any meaningful timeframe given the on-going pandemic
response. In this case the path of least resistance may be to rapidly
increase available bandwidth.
Under pandemic conditions telecommunications service providers will themselves be challenged to maintain services, and a surge in demand for installation services from across the client base will present substantial challenges. The ability to procure and provision fixed-line bandwidth such as DSL or fibre connections on short notice should not be assumed, unless this service has been contracted and procured in advance. While a typical waiting period for installation of such service ranges from 5 to 30 working days, the waiting periods under pandemic conditions could be longer. Wireless connections and bandwidth is a potential, rapidly deployable alternative depending on the service providers available in the area. The following wireless bandwidth options may be available on short notice, or may be pre-provisioned as a stand-by service without monthly charges for rapid commissioning.
• Wireless Broadband vendor solutions ranging in speed from a few Mbps up to
300Mbps are available off-the-shelf with a few days notice from product
vendors. These devices can be rapidly deployed in non-line-of-sight
configurations providing alternate internet gateways for teleworkers and
other stakeholders. Service providers will be required to deploy reciprocal
radios at their point-of-presence, but the deployment at points of presence
is theoretically a rapidly achievable.
• Third-generation (3G) mobile communications services are available
competitively in the market place and can provide moderate amounts of
bandwidth, especially outbound connections from an organization. If it is
the case that certain suppliers, clients, partners or regulators can accept
incoming connections for information “pull”, then 3G connection solutions
can be establish a side-door-exit allowing critical data to be retrieved
from, or provided to, outside locations. 3G services could also be used to
support incoming VPN or other services, however the technology is best
suited to “pull” versus “push” (allowing others to access applications and
data). 3G networking devices are available from most service provider
storefronts on-demand.
22. De-optimize web services so that users with non-standard systems are not prevented from performing telework or accessing important information. Many organizations will develop internal information portals and intranets “optimized” for a particular browser. Such optimization reduces support calls and development costs, but is often necessary for only a limited number of features and applications. To the extend possible, manage fancy Web 2.0 capabilities to maximize usability across a range of browsers and operating systems.
Stage 3 controls: Telephony degradation
Management controls
23. Supplier and partner prioritization – not all supplies and partners will be needed in the short term. Executive management can establish a policy directive that department or line-of-business owners should prioritize partners and suppliers for emergency communications. For instance, certain partners and suppliers might be told in advance of a blackout period for communications or to use only certain communications modes (such as couriers). Directive should also account for differing durations for the emergency conditions, rather than assume a single type of response period.
24. Flex-hour policy may be authorized where workers (remote and local) are
required to keep non-standard hours to allow for business communications
across a larger part of the day. For instance, some workers may be required
to work noon to 8pm on certain days to allow for communications loads to be
spread out.
Operational controls
25. Supplier and partner prioritization and notification procedures, contact lists and service-level changes should be communicated to suppliers and partners as per the management policy. Regulators should also be made aware of impending changes in the communication and information they receive from the organization if such information must be made available under conditions prescribed by statutes and regulations. Notification should include information about what steps are being taken to return to normal service levels and the expected duration of the announced changes.
26. Flex hour notification procedures for staff who must be assigned to alternative work hours to manage the loads associated with telework. Such notification procedures should be developed in consultation with employee representatives and in accordance with local labour standards. Notification should include information about what steps are being taken to return to norm work hours and the expected duration of the announced changes.
Technology controls
27. Switch re-direct: for organizations for DID (direct internal dialling),
desk numbers can be re-routed automatically to home or cellular phones.
Depending on the service provider, this service can be activated and
de-activated on-demand by the teleworker through a web-based interface or
touch-tone interface, allowing the teleworker to change locations.
Similarly, emergency routing plans can be developed to send toll free and
other numbers to different geographic locations or to a pre-recorded message
with information about organizational status or other information updates.
28. Virtual transfer: for organizations with multiple physical locations,
some of which may not be fully engaged in pandemic response, calls can be
re-routed to other office locations according to which of the other
locations has available line capacity on a minute to minute basis, depending
on the service provider.
29. Virtual queuing: Depending on the service provider, overflow calls can
be sent to a managed call cuing service which can advise the callers of the
amount of time they must wait for a line and then automatically patch them
through once a line opens. The service may also offer the capability to
perform automatic call-back operations, where the caller will have their
phone ring once a line is available. 30. Help desk overflow: Depending on
the service provider, if the organization is already employing a virtual
call centre to manage the Help Desk challenges (see page 13), then the
central telephony overflow can be routed to the off-site / teleworking Help
Desk operators.
31. Voice conferencing services whereby users call into a “bridge” owned and
operated by a third-party is a simple way to relieve stress on
organizational lines. Remote and local workers can established bridges for
meetings rather than have participants call into the organizational PBX.
Stage 4 controls: Information Asset compromise
Management controls:
32. On-line public collaboration tools education and awareness: many otherwise smart people have gotten into trouble using the wide variety of free, public collaboration sites available on the internet such as free webmail, blogs, photo album and social networking sites, instant messaging and filesharing. Security policy related to the dos and don’t of using public collaboration tools should be developed and distributed in advance. It is tempting to forbid the use of these tools in combination with organizational information assets; however, a better approach may be to prescribe what these tools may be used for and under what circumstances.
33. Counter-party information management practices: partners, suppliers,
clients and even regulators will likely be faced with many of the same
challenges to maintaining normal operations. There is a risk that your
counter-parties will use public collaboration tools to maintain operations
too; in this case your information assets under management by these
counterparties will be exposed to elevated risk. Counter-parties should be
notified in advance of your position related to this risk. Specifically,
whether you choose to accept, treat (prescribe minimum controls of “good”
tools) or transfer (back to them) the risks. This notification might come in
the form of a clarification of service levels agreements or other contracted
terms and conditions, or more specific guidance on the sensitivity levels of
the information under their management.
34. Internal User classification and sanction: some users from your
organization may employ public collaboration tools with lower risk because
the information they handle is considered less sensitive; while other users
might have to be forbidden from using public collaboration under all
circumstances. The diversion of some users to public sites may also free
enough connectivity to all users of sensitive information to avoid asset
compromise and regain partial or full remote access.
Operational controls
35. On-line collaboration white lists, education and awareness: certain public or semi-public collaboration tools on the internet may offer better privacy and security features and lower risks than others. A list of which sites and tools are considered appropriate for redundant or fail-over communications in the event of organizational ICT degradation would enable teleworkers to make better decisions about how to communicate, and lower organizational risks. Similarly, these white lists and information about the threats presence through some collaboration tools should be prepared and distributed to teleworkers.
Technical controls
36. Private on-line collaboration portals. It is possible to procure short-term subscriptions to on-line collaboration resources with subscription-only memberships. These collaboration services will operate from a different network space and allow loads to be diverted from degraded organizational ICT assets. These private services can often be established on short notice with a pay-as-you-go, per user fee. Private collaboration portals can include webmail/email, file sharing, instant messaging, voice and video communications, white boarding an a variety of well understood on-line applications. These portals can also enforce better login authentication options and place controls on information managed within the portal by users – for instance, data loss prevention (DLP) scans might be applied to information leaving the portal through email or instant messages.
37. Upstream security and carrier-grade intelligence. A variety of zero-day
(previously undetected) malware will likely be transferred to internal
systems from remote users as they slowly regain access to internal resources
and migrate off the public collaboration services they were forced to
employ. Deploying onsite, organizational counter-measures against these
malware threats requires investments in solutions, professional services,
and especially staff time. Organizations can consider employing security
scans and filters supplied by the service provider from within the core
provider networks. Upstream security comes in a variety of forms, but
essentially becomes a new layer of organizational security applied from the
service provider network, specifically designed to detect the most serious
threats that existing anti-virus and intrusion detection systems frequently
miss ix. Employing Upstream detection, alerting and response services
applies a mitigating control against malware brought back to the
organization from teleworkers, without requiring burdened technical staff to
procure, configure test deploy or monitor any new devices. Upstream security
provides accurate intelligence about the current degree of ICT threats and
compromises facing an organization. During pandemic response management
Upstream security services can provide intelligence and guidance around
which risks are real and which are imagined. As a result, management is in a
position to make balanced and informed decisions about which ICT solutions
pose too much risk, and which risks to accept.
Conclusion
All the controls in this paper are intended to be rapidly deployable either
proactively, or less ideally, reactively within 5 days for any given
control.
Not all the controls in this paper will be applicable to all originations.
While some controls are related to each other, many controls are designed to
be stand-alone. Organizations should pick and choose the controls
accordingly and modify them freely; however, it should be noted that most
Management controls require at least that supporting operational controls be
deployed in a complimentary manner.
This paper has presented a range of possible ICT threats and cascading
impacts which may afflict any organization trying to manage a pandemic
response while maintaining operational capabilities. We have proposed that
there will be a series of impacts which will occur in a specific order,
triggered by the strategy of directing workers to telework solutions. We
also propose that there are a variety of different security controls which
can be applied at the management. Operational or technical levels to
mitigate these impacts and the resulting risk.
Endnotes
i NIST 800-53 : Recommended Security Controls -
http://csrc.nist.gov/publications/drafts/800-53/800-53-rev3-FPDclean.pdf
ii It is projected that many people will suffer only mild effects from flu
infection and will not report to authorities or hospitals. Current estimated
from public health authorities in the Unites States for H1N1 flu are for 20%
to 40% of the population to be infected. (Source: Kansas Department of
Health, Activity Update, Aug 10 2009)
iii In the past, actual reporting rates other contagious diseases in
Ontario, Canada have been 0.13% or approximately 1 in 300 infections
resulting in reporting to physicians or medical authorities. (Source:
Sockett, Paul, Estimating The Under-Reporting Rate For Infectious
Gastrointestinal Illness in Ontario 2005)
i
v vi Tremblay,
Diane-Gabrielle Tremblay, Telework : A New Mode Of Gendered Segmentation?
Results From A Study In Canada, Bell Canada University Labs research 2003 vii Cisco System, Unity
Voicemail system Administrators Manual,
viii Alshami, Abdelnasir, A technical comparison of IPSec and SSL, Tokyo
University and Microsoft Corporation, Client Network Traffic with Microsoft
Exchange Server 2003 -
i
The contents of this site, unless otherwise specified, are copyrighted by © Big Medicine 2001-2009. The news provided is for personal use only. Reproduction or redistribution of the this site, in whole, part or in any form, requires the express permission of Big Medicine or the original source. For questions or comments pertaining to this site, contact the web administrator. Big Medicine is not responsible for the content of external sites linked and does not endorse their content. Advertisers are not responsible for Big Medicine contents, the content of external sites linked and do not endorse their content.