CAMPAIGN-5: Ideas to improve Cyberspace, Infrastructure, and the Grid

A New Approach to Emergency Operations Plan Partnerships

Produced By: ATL PREVENTION RESEARCH L.L.C.

Experimental Draft: Version1.1E

Origination: 07-12-2014 UTC 08:00

Last Updated: 04-15-2016 UTC 14:00

-

(POST 4 OF 4)

-

A New Approach to Emergency Operations Plan Partnerships: The Creation of National (Cloud-Based) Emergency Operations Plan (EOP) Repositories & Databases to Enhance Collaboration Opportunities, and More…

-

SUBJECT:

This thread briefly depicts the methods and benefits of (National implementation/deployment) of technologies that will provide secure cloud-based repositories and databases containing all private sector business’s Emergency Operations Plans (EOP), with search, share, and collaboration capabilities.

-

OBJECTIVES AND GOALS:

This thread provides a recommendation and a simplified overview of an excellent collaboration technology that I currently employ within my business (ATL Prevention Research L.L.C.) and with my business partners or clients. This information has been repurposed to share within this community, with relevant Government stakeholders, and the entire U.S. business community. The goals of sharing this information are to present new approaches that will enhance National Safety, Preparedness, and Resilience, through mechanisms that will provide broader digital access and distribution of EOP’s, as well as facilitate awareness, continuity, collaboration, and partnerships.

-

INTRODUCTION:

In the spirit of modern “Open Source” activities of the U.S. Government, I believe (private sector) Emergency Operations Plan cloud-based repositories & databases should be created on the National level to promote stakeholder revisions, optimization and maintenance of their EOP’s, as well as, enhance a given business’s coordination and collaboration with Local, State, and National Partners. Enhanced continuity and safety at all levels will be achieved ultimately by augmenting and streamlining private sector planning and communication of their EOP’s to their Stakeholders, and with their Peers. Preparedness and national resilience will be enhanced overall through collaboration with local Emergency Professionals, First Responders and with other groups who will consult with the Business Threat Assessment Team, engage in training and drills, and thereby assist with brainstorming, readiness, and further optimization of their EOP annually. In theory, this additional level of collaboration will also augment National uniformity, functionality, communications, and should positively impact the emergency procedures that are “Jointly” executed by Task Forces in multi-state emergency scenarios (i.e. complex operations such as floods, fires, and earthquakes, that necessitate the use of highly optimized plans that enhance the chances of saving lives and property during disasters or dangerous events or incidents).

-

TECHNOLOGY AND METHODS:

One possibility is the use of a secure Microsoft OneDrive Cloud service paired in combination with Microsoft OneNote software. Specific method:

=>STEP#1: (SINGLE BUSINESS) The private sector business will place their finished EOP within OneNote and synchronize it to their secure OneDrive Cloud storage within a labeled and dated EOP Folder.

=>STEP#2: (BUSINESS LEVEL DISSEMINATION) This private sector business will then “Share” their “EOP Folder” (located on their OneDrive Cloud service) with their Local Emergency Stakeholders and keep it updated and synchronized.

=>STEP#3: (LOCAL REPOSITORY AND OBLIGATE DISSEMINATION) The Local Police Department (as an example member of the local emergency stakeholders and LEPC) could maintain a OneDrive Cloud service (or similar internet-based digital storage) for the purpose of collecting all EOP’s that the Private Sector Businesses “Share” with them, (OneDrive will automatically periodically synchronize all updates to everyone who the Private Sector Business desires to include as a recipient of their EOP).

=>STEP#4: (POLICE REPOSITORY AND OBLIGATE DISSEMINATION) All police departments in a given State will collect all (Local) private sector EOP’s and “share” (all of these collected EOP’s) within their State and (consolidating them into a single large combined Statewide OneDrive Cloud repository) or similar online storage technology. Again, this is an automatic synchronization function of OneDrive to the recipient State data storage unit.

=>STEP#5: (STATE REPOSITORY AND OBLIGATE DISSEMINATION) Each State will then “Share” all collected EOP’s with a National Repository (a very large single National secure cloud storage site). This is the final recipient that OneDrive “points to,” and will automatically periodically synchronize updated EOP’s to the National EOP Repository.

=>STEP#6: (NATIONAL REPOSITORY AND DATABASES) Optional/additional National repositories and databases may then be derived from the National digitally-stored EOP’s at the discretion of a given Government Agency.

=> ADDITIONALLY: (PEER COLLABORATION) Local businesses could also (optionally) collaborate with other businesses by “sharing” a redacted or generic version of their EOP (with equivalent or relative businesses), or with professional consultants, and team members as they wish.

*NOTE: The reason for choosing Microsoft is related to recent precipitating events include their 2014 advancements in Security, Encryption, and the “Microsoft Transparency Centers” (e.g. OneDrive is now Perfect Forward Secrecy encryption enabled when accessing it through your account at (onedrive.live.com).

-

SIMPLE USAGE EXAMPLES OF THIS PROPOSED TECHNOLOGY:

=>EXAMPLE-1: A member of an organization desires to partner with a given business. The business can Share their OneDrive EOP folder with them, and provide the venue to remotely participate in annual EOP updates and optimization activities with them.

=>EXAMPLE-2: A Church creates a very comprehensive and excellent EOP and decides to share it with (i.e. 3 other local Churches) via OneDrive secure cloud service. In this example, OneDrive will provide a location for the EOP source file (that will be synchronized to everyone as changes are made to the EOP) and OneNote will additionally provide a software interface for remote editing and critiquing of the EOP in “real-time.” The OneDrive-OneNote combination will provide a venue for collaboration among stakeholders or members of the (example 3 local churches) or anyone else who has been given permission and “Share” privileges.

=>EXAMPLE-3: If the same Church as above shares their EOP with the local Fire Department who discovers a miscalculation or abnormality in the EOP, they can respond, and the Church may then receive Fire Dept. recommendations in Real-time,” and quickly revises their EOP to the satisfaction of everyone.

-

ADDED VALUE TO BUSINESSES, NATIONAL SECURITY, RESILIENCE, AND MORE:

1. This will allow partners, local and State Emergency Managers, and the U.S. Government to evaluate the current status and content of a given EOP, identify, analyze and correct weaknesses, as well as leverage intelligence for Command and Control of Emergencies related to our Critical Infrastructure Partners. Critical businesses would be targeted for high priority EOP adjustments (as the need arises).

2. I believe this will “streamline” a path for the creation of “EOP Gold Standards” and potentially ISO minimum standardization or other Semi-Standardization of some high priority EOP’s.

3. EOP Repository or Database research could be conducted related to the percentage of organizations that have a basic EOP as a ratio to the State record of total statewide businesses or versus the type of Business. This technology could evolve a tracking feature, or may become a useful metric and be analyzed to gauge State Business Preparedness “Planning” and conformity with various standards or recommendations.

4. An EOP repository creates a redundancy protection in the event a business is destroyed this record will be in the cloud and retrievable.

5. The EOP folder could additionally perhaps contain a list of employees for search and rescue (e.g. in the event that an earthquake causes building collapse).

6. EOP’s in the cloud will enhance National uniformity, organization, and (collaboration as in the above example).

7. EOP Retrospective research for errors may pinpoint why a given failure occurred, and aid investigations, as well as, lend to future recommendations and revisions.

8. Analytics may be developed, and retrospective studies or other evaluations may be conducted over time to gauge National resilience improvements.

9. It is implied that businesses with better (and more refined) EOP’s, (who share them with their local Emergency Managers), are augmenting their resilience by enacting functional emergency protocols that are coordinated with first responders, and include plans that protect property, protect their personnel, and protect public bystanders who may be within their facility when disaster/danger strikes (e.g. within a stadium).

-

KNOWN IMPLEMENTATIONS:

Briefly stated, these technologies are currently widely used for various other purposes. I use these technologies within my business and with partners for various projects, and for collaboration (and I recommend them, they work great). All Hospitals are required to create “All-Hazard” EOP’s, therefore, they would be immediately ready to deploy pilot collaboration trials using said technologies, repositories and databases. Non-public Government databases likely have some degree of this capability already, but would be unwise to integrate (government databases) with the private sector EOP data or documents, and is not the purpose of this discussion.

-

INCENTIVIZATION:

1. EOP review in the cloud could certainly enhance safety and may constitute an insurance company rate deduction.

2. Government safety incentives are possible but speculative at this point and beyond the scope of this discussion.

-

CONCESSION:

I concede that there are additional agreements that may need to be worked out in the event that this new approach evolves into broad and significant partnership capabilities. I further acknowledge that law-makers (through policies) could leverage this technologies structure-function set as a means to close legislative loop-holes, and integrate it into existing planning frameworks (with many added benefits that are not included within this discussion). I also, mention here that there are other technology options available that could be used to create a similar condition and digital environment such as (e.g. Access, Exchange, SharePoint, Cisco, or Red Hat products). These products were not discussed herein because they may require advanced training, and additional annual costs or fees.

-

OTHER EXAMPLE BARRIERS:

1. It is implied that individuals who utilize this excellent technology have a very basic understanding of modern computing, and can edit a document, maintain a schedule, and systematically execute basic computer tasks.

2. The deployment of this technology is very easy and fast (it took me 45 minutes to install the software, create the associated Microsoft account, point a OneNote folder to my OneDrive, create a synchronization schedule, and Share it with my other remote devices and partners). BUT, the private sector adoption and implementation process could be slow because it would be voluntary. It is implied that if policy or CFR mandates were created, this process would be rapidly expedited.

3. Verification and assurances from Microsoft (at minimum) must assert that a OneDrive Cloud service will maintain these example agreements:

=> Minimum privacy agreement for the user and their content/data stored on the OneDrive cloud service.

=> A statement of the continuous security and access level standards that will be maintained.

=> An agreement of continuous “Information Assurance” of data at rest and in transit with security monitoring as well as scheduled intrusion tests, and updates or patches.

=> An agreed upon cloud service up-time of e.g. 99.9% availability.

=> (Optional) arrangements might include platform integration customizations as per customer/businesses requirements (e.g. Linux and enterprise systems).

-

EXAMPLE EOP PARTNER ACCESS AND OTHER AGREEMENTS:

=> Local, State and National Government Stakeholders would be automatically (granted or designated or authorized) to have access to ALL (or most) private sector EOP’s available on the OneDrive cloud service.

=> Search capabilities and the use of standard metadata fields, would be implemented generally by the appropriate agencies and authorities, as this technology option evolves, and as the need arises.

=> Additional business partnerships and sharing would be at the discretion of the business on a case-by-case basis, and would be separate from the Local, State, and National EOP repositories.

=> EOP partner vetting would generally be the responsibility of the Business.

=> In the instance that a given business requires additional Operational Security (e.g. relative to the degree of impact the Business has on National critical infrastructure or security), then these circumstances may be dealt with by professionals (and is beyond the scope of this discussion) or they may opt out.

-

EXAMPLE PRIVATE SECTOR EOP CATEGORIZATION, CODING AND LABELING:

=> EOP standardized terminology has implied continuity benefits for all stakeholders.

=> Private sector business EOP’s, (located in folders on OneDrive clouds), may be labeled with standardized names and be tagged, or contain other metadata useful for business categorization including NAICS codes and terminology, (especially for professional businesses).

=> Additionally, generic labels could be used for common business search engine filter criteria including: (e.g. Hospitals, Prisons, Schools, Places of Worship, Telephone and Cell phone services, Electrical Companies, Gas and Fuel, Water & Sewage or Waste Removal, Stadiums, Shelters, Road crews, Construction Contractors) etc.

-

FUTURE PROGRAM EXPANSION:

Cyber is “the future,” therefore, in the future, (accountability may become implied) and the expansion of this program could include website cyber-security accountability, whereby website owner EOP’s and procedures are created and (maintained on OneDrive secure cloud services) together with their “Compact Privacy Policy” and would contain provisions to ensure that their users are safe from (e.g. Privacy Violations, Identity Theft, Malware propagation, Foreign and Domestic adversarial exploitation activities or intrusions, and other data or copyright violations).

-

FINAL IMPRESSIONS:

This information release was a segment from other research reports I composed on this subject, for the purpose of enhancing National opportunities, capabilities, and partnerships, (repurposed for this thread), and is not all inclusive. This technology option has demonstrated added value for myself and my business, and I believe it can yield significant opportunities and enhancements for all levels of National Security constituents, as well as, those who desire to optimize their EOP’s, collaborate, and participate in a new and more contemporary approach to Emergency Operations Plan partnerships.

-

TAKE-HOME KEY CONCEPTS AND NEXT STEPS:

The OneDrive-OneNote combination will facilitate collaboration and partnerships through cloud storage access to EOP’s for purposes such as enhancing National government emergency information sharing and relationships with all States and Local private sector businesses. Additionally, it will provide for peer review capabilities, research opportunities, analysis for EOP optimization, and remote maintenance of EOP documentation. If this new technology approach to EOP partnerships were considered on a national level, the initial steps may include:

=> Mapping this option to National Emergency Planning Frameworks to ensure continuity and compliance with current technologies, as well as, conducting deconfliction due diligence.

=> Also, prioritize Critical Infrastructure Partner integration, (e.g. the highest priority providers and businesses are evaluated first).

=> Simultaneously, I would recommend law-makers explore how this option could close National Security policy Loop-holes, and the potential for stakeholder accountability. No accountability is the baseline starting point.

=> Businesses that require a more advanced interface or platform customizations, or Operational Security arrangements may be given notice of foreseeable Information Assurance requirements or concerns and be given alternative options so that they may still participate, and begin planning their deployment strategy and considering their case-specific partnerships, and collaboration options as soon as possible.

-

OFFICIAL MICROSOFT ONEDRIVE WEBSITE:

https://onedrive.live.com/about/en-us/

-

OFFICIAL MICROSOFT ONENOTE WEBSITE:

http://www.onenote.com/

-

OneDrive is supported in Apple products (both OS X & iOS) also OneDrive is supported in Android Operating System as well (as of Feb. 19, 2014). Here are the official internet locations for the software you can use to access your EOP on the OneDrive cloud service from other Operating Systems below:

-

The official OneDrive App for iOS is here:

https://itunes.apple.com/gb/app/onedrive-formerly-skydrive/id477537958?mt=8

-

The official OneDrive App for Apple OS X is here:

https://itunes.apple.com/us/app/onedrive/id823766827?mt=12

-

The official OneDrive App for Android is here:

https://play.google.com/store/apps/details?id=com.microsoft.skydrive

-

Here is an announcement of OneDrive availability on mobile devices:

https://blog.onedrive.com/onedrive-is-now-available-worldwide/

-

* REFERENCED MICROSOFT ONEDRIVE 2014 SECURITY INFORMATION:

http://blogs.microsoft.com/on-the-issues/2014/07/01/advancing-our-encryption-and-transparency-efforts/

-

THIS NEW APPROACH TO EOP PARTNERSHIPS WILL ALSO BE VOTED ON AT FEMA IDEASCALE HERE:

http://fema.ideascale.com/a/dtd/A-New-Approach-to-Emergency-Operations-Plan-Partnerships/466861-14692

-

THIS INFORMATION IS MIRRORED AT FEMA NATIONAL PREPAREDNESS COMMUNITY HERE:

http://community.fema.govdelivery.com/connect.ti/readynpm/messageshowthread?threadid=48142

Last Edited by Aaron Littlefield

Tags

Voting

4 votes
Active
Idea No. 17