Building Resilience for Critical Infrastructure
A Focus on the Healthcare Sector
BCP Asia Henry Ee, FBCI, [email protected]
IGNITE STAGE
04 JULY 2018
Henry Ee FBCI, CBCP
Founder / Managing Director
Certified
◦ BCM Professional: FBCI (BCI)
◦ BCM Professional: CBCP (DRII)
◦ Certified Management Consultant (PMC)
◦ ACTA certified Trainer by WDA
◦ Certified ISO 22301 Lead Auditor (BCI/ICOR/ANSI)
◦ ISO22301 Lead Implementer, PECB
◦ ESCAPE & UNISDR Private Sector Advisory Group Member
◦ 20 years of experience in Business Continuity, IT-Disaster Recovery & Crisis Management. He is appointed President of BCI Asia Chapter and a Board Member of RIMAS (Singapore)
◦ Undertaken over 300 BCM Projects across APAC and has guided and trained over 5000 professionals
◦ Was previously Regional BCM Manager for ABN AMRO, Chase Manhattan Bank & JP Morgan
Critical Infrastructure Sectors
• INFORMATION & COMMUNICATIONS TECHNOLOGY
• FINANCE
• MANUFACTURING
• HEALTHCARE
• FOOD
• ENERGY & UTILITIES
• WATER
• TRANSPORTATION
• GOVERNMENT
• LEGAL & SAFETY
Physical and virtual systems or aggregation of assets that provide essential functions and services that support societal, economic and environmental systems
We rely on them to work without fail!
A Focus on Healthcare Sector
When it comes to healthcare Critical Infrastructure (CI), downtime simply is not an option
• Healthcare sector is perhaps the most fragile sector and is the most dependent on all the other sectors
• Life & safety of patients are top priorities!
• The nation depends on the continuity of its healthcare CI & systems, especially during disasters and emergencies
• If CI that the healthcare sectors rely on stops working, that could disrupt their ability to provide essential services to the public
Current Issues in Healthcare Sector

Top 3 Threats
2017
1. Data breach (42%)
2. Cyber attack (39%)
3. Unplanned telecom & IT outages (34%)
2018
1. Cyber attack (62%)
2. Unplanned telecom & IT outages (54%)
3. Data breach (38%)

Top 3 Disruptions
2017
1. Unplanned IT and telecom outages (65%)
2. Adverse weather (56%)
3. Interruption to utility supply (53%)
2018
1. Unplanned IT and telecom outages (70%)
2. Cyber attack (51%)
3. Interruption to utility supply (49%)

2017: No of respondents: 657; No of countries: 76
2018: No of respondents: 726; No of countries: 79

Based on annual survey conducted by Business Continuity Institute Horizon Scan 2017 & 2018 to organisations worldwide
Building Resilience to Healthcare Critical Infrastructures
Factors of Consideration
1A. Risks & Vulnerabilities Assessment
Conduct comprehensive risk assessment so that healthcare providers may better understand and catalog present and future risks:
• Climate Risks Assessments, e.g. flood, hurricane, earthquake
• Network & Cybersecurity Assessments, e.g. malware, patient record theft, viruses
• Physical Security Assessments, e.g. theft
• Pandemic Assessments, e.g. H5N1, H1N1, H7N9
• Man-made Disaster Risks Assessments, e.g. fire, gas leak, terrorism
1B. Risks & Vulnerabilities Assessment
3 main aspects of hospital vulnerabilities to be taken into account:
STRUCTURAL
• Structural design to combat hazard forces
• Quality of building materials, construction & maintenance
• Building configuration
NON-STRUCTURAL
• Architectural components such as windows, roof, ceilings, walls
• Installations – air ventilation, electrical & piping systems
• Water disposal
• Emergency power supply
• Equipment & furnishings
• Electronic communication systems
ORGANIZATIONAL
• Evacuation considerations – shelter, accessibility
• Just-in-time delivery & replenishment of critical supplies
2. Building Design & Regulatory Frameworks
Understand the building design & regulatory framework under which existing health care buildings were constructed
• Building Design - A multi-hazard risk reduction approach
o Help identify potentially conflicting effects of certain mitigation measures and help to avoid aggravating the vulnerability of many hospital building components and systems
• Regulatory Framework
o Compliance to building code design baselines; address minimum requirements for building resistance to major hazards based on historical experience
o Buildings’ compliance to regulations
3. Infrastructure Protection & Resilience
• POWER SUPPLY
• WATER SUPPLY
• COMMUNICATIONS
• MEDICAL INFORMATION
• DIGITAL INFRASTRUCTURE
3. Infrastructure Protection & Resilience: POWER SUPPLY
Determine the current anticipated length of time you can operate without grid power or refueling
• Are all critical facilities equally equipped to operate without grid power for extended outages?
• Given the location of the building and weather risks, is your refueling supply chain resilient to extreme weather disruptions?
Review locations of utility infrastructure relative to extreme weather hazards
• Are your generators, fuel pumps, fuel tanks located above flood elevations?
• Are emergency generators located above design flood elevations?
• How often is your emergency generator system tested to assure reliable startup and sustained operation?
Having back-up power sources available to supply electricity to critical areas
• Do you have redundancy (N+1) for all emergency generators?
• Does your emergency generator fuel capacity allow for the projected hours of operation?
• Do you have external connections for portable emergency generators?
Invest in on-site power generation through combined heat and power technologies to improve resilience
3. Infrastructure Protection & Resilience: WATER SUPPLY
Ensure sufficient plans for water resources in the event of a water related emergency
• Are there two independent water sources to the facility?
• Is the water source potable without treatment?
Having protocols to secure back-up supplies of water in the event of a water related emergency
• How much on-site emergency water storage do you have (in gallons)?
• What duration of operation can this storage provide (hours)?
• If your water supply is disrupted, do you know how long you can shelter in place before you need to evacuate?
• How often is your emergency generator system tested to assure reliable startup and sustained operation?
Determine water usage under normal operating conditions
• Have you audited and benchmarked your water usage (gallon/day)?
• Do you monitor cost savings of water use reduction strategies?
• Have your healthcare facilities adopted water conservation strategies:
o Low flow toilets
o Water efficient landscaping practices
o Food service equipment
3. Infrastructure Protection & Resilience: COMMUNICATIONS
Having multiple communication systems in the event of extreme weather emergencies
• Landline telephone systems, Mobile phone systems, Radio systems
Take a Multi-tiered Approach to Information Sharing
• Establish detailed & regularly updated contact lists with multiple methods of contacting each one of your staff members.
• Prior to an incident, educate and familiarize staff with social media channels they may use on personal devices should facility communication systems fail
Plan Ahead & Empower Your Staff
• Work with your entire staff to devise detailed emergency response and business continuity plans. These plans should include detailed roles and responsibilities and a list of essential positions that must be filled in the event of an emergency.
• Emergency response training
Know Your Local Partners
• Establish links with your local emergency managers, responders, and public health officials in emergency planning and drills.
• Collaborate with community partners to participate in exercise scenarios to allow for a synchronized approach.
• Identify and test communication redundancies.
3. Infrastructure Protection & Resilience: MEDICAL INFORMATION
Medical Information Systems (MIS) to remain available in order to continue to deliver patient care. Does your facility or system have the following systems in place?
• Electronic Medical Records
• Paper Record Storage in safe rooms (and above flood level)
• Off-site data centres
Having MIS that will operate in the event of extreme weather emergencies
• Are Medical Information Systems (MIS) on emergency power?
• Is there a backup telecommunications system if the telephone infrastructure fails?
Inventory record storage systems and locations and assess their safety
• Are medical records safe from flooding?
• Are building infrastructure record documents safe from flooding?
• Are all building infrastructure records digitized?
3. Infrastructure Protection & Resilience: DIGITAL INFRASTRUCTURE
Protect computer hardware & technological equipment
• Secure all computer equipment and servers in a locked storage area with specific individual access permissions
• Develop and implement a detailed plan of how to address potential cybersecurity vulnerabilities with medical devices
Protect local networks & other computer software
• Conduct a computer network assessment to obtain the information you need to develop a cybersecurity plan to reduce cyber attacks & address breaches
• Backup data regularly and develop a plan to access information quickly in case of a natural or manmade disaster
Encourage safe computer & cyber practices from all staff
• Employees should also be aware of how to report and respond to suspicious cyber events
• Require frequent password resets for all systems
• Establish policies prohibiting the transmittal of protected health information using unencrypted public networks (i.e. free Wi-Fi hotspots)
Thank you for your attention!
www.unisdr.org/amcdrr2018
Henry Ee, FBCI, CBCP
Visit us at: bcpasia.com
Download the Slide : bit.ly/2KgFlYy