This paper will thoroughly define and explain planning and mitigation. Additionally, it will cover several factors that play a role in each category. Specifically, this paper will look into several phases of planning to include: continuity of operations; mission essential functions; planning development; and preparedness. Furthermore, it will look what types a factors should be looked at when making an organizations plans. In addition, this paper will look at mitigating risks, specifically cyber and physical risk mitigation and some of the different approaches risks can be mitigated. Finally, this paper will briefly look at the Department of Defense’s Operational Risk Management process and how it ties planning and mitigation together.
Planning
Continuity of Operations
Continuity of Operations (COOP) is an effort within individual executive departments and agencies to ensure that Primary Mission Essential Functions continue to be performed during a wide range of emergencies, including localized acts of nature, accidents and technological or attack-related emergencies. To have an effective COOP, an organization must plan and mitigate all aspects of those functions for any type of situation which might cause a disruption of operations. The COOP must also align with the organizations goals in order to continue efficiency. With proper planning and mitigation, an organization can continue operations of their Mission Essential Functions (MEF). The first course of
Planning ties with one of the National Preparedness Goal’s mission area, that is prevention. The 9/11 events made DHS to aggressively change its focus to an “all hazards” approach. Prevention is a core component to accomplish this objective. However, for an effective prevention requires thorough planning. The private sector provides this type of service and DHS may hire a private sector entity to develop a prevention plan for them. In planning, all levels of government and private sector entities must coordinate with one another in developing and executing courses of action to prevent or reduce the impact of natural disasters or terrorist attack (Homeland Security, 2011). According to the National Preparedness Goal, planning is one of the mission are capabilities and preliminary targets of prevention (Homeland Security, 2011, p. 5). The private sector’s impact in planning with the DHS is essential for an effective prevention in support of the National Preparedness
Continuity planning is very important because it will help ensure that our Constitution is maintained during all types of disasters or incidents (Bush, 2007). That is why the Federal Government has established eight National Essential Functions (NEFs) that must be maintained at all times and the purpose of the NEFs is to allow the Government to be able to function under the Constitution at all times, no matter what circumstances or emergencies are occurring (Homeland Security Council, 2007). The first one of the eight NEFs is to ensure that the Government is able to maintain and ready to activate effective Continuity of Operations Plans (COOPs) whenever an incident or emergency occurs (Homeland Security Council, 2007).
The involvement of DoD into the implementation of the emergency plan is particularly important in case of terrorist activities. For example, if terrorist hijack an aircraft, the assistance of DoD will be essential (). The involvement of DoD will help to eliminate the terrorist threat faster and more effectively due to the use of the military. DoD has the military force, equipment and technologies essential for addressing such threats as terrorist attacks. Moreover, in such cases the deployment of the military under DoD command may be essential to protect the public and maintain the public safety.
General George Patton was quoted as saying, “Take calculated risk. That is quite different from being rash.” Great success can be obtained by calculating risks. Lives can be saved, infrastructure protected, and evil avoided, but how does one calculate risk? The Department of Homeland Security (DHS) has developed a risk management system to help address risks, primarily terrorism risks. It is important to realize that this is a system. Comprising this system of risk management are some key steps, such as the risk assessment and decision making. The overall risk management process employed by DHS is still in a stage of evolution and provides many areas of debate.
The Department of Defense (DoD) will have a significant response role during a complex catastrophe and must be able to provide timely and effective support to that effort. The Secretary of Defense (SECDEF) tasked the Department to generate recommendations to improve its posture in response to a complex catastrophe, which were subsequently provided in the Defense Support to Complex Catastrophes Initiative (DSCCI). The DSCCI does not fully articulate the necessary changes to pre-incident coordination and planning that will improve DoD’s posture for supporting civilian authorities in a complex catastrophe. This essay will identify key refinements to the DSCCI, as well as recommend the addition of a communication synchronization plan, that will
BACKGROUND. Implementing new procedures and countermeasures will ensure positive results during real time Mission Emergency Functions (MEF). Implementing new standards will be in an addition to annual sustainment training. Activation of COOP currently takes place in the initial phase between 0 to 12 hours. Normal protocols during this movement are coordination, establishment of command, personnel accountability, and initiation of procedures. A Mission Essential Function (MEF) task that an agency can defer is no longer 48 hours from “N” time. Current changing threats, including acts of nature, accidents, technological emergencies, and terrorist attack-related incidents have increased the need for viable Continuity of Operations capabilities
What you will read throughout this paper is that as the years go by, technology advancement caused our thought processes to became broad and not fall into the tunnel vision and selfish thought process in regards to the “it can’t happen to me” mentality. The primary functions of the ODM were the quick mobilization if assets and materials, along with producing and subsequently stockpiling critical materials on unfortunate event of a war. FCDA operations had a function called emergency preparedness...tow words that have just as an important meaning today as back
The organization shall establish, implement, and maintain business continuity procedures to manage a disruptive incident and continue its activities based on recovery objectives identified in the business impact analysis.
In order carry out this mission DoD must have the ability to first defend its most important networks, data identify and prioritize of important networks and data to the department. This plan will allow DoD to work and operate within a disrupted and degraded cyber environment in any event that an attack on their networks. In other words, DOD strategic plan should protect its critical infrastructure and operations to improve its contingency plans in case of any attack. The idea is to build and maintain a strong security architecture and joint Information Environment to move the focus from protecting just one service-specific networks but to secure the entire DoD enterprise including agencies under the DOD. In addition, the strategic plan should have staff and personnel with the capability to mitigate all known vulnerabilities that present a high risk to the department. Also work strong layered defense by working with the counterintelligence, and whole of government agencies to defend any type of
In order to properly prepare for a terrorist incident at the strategic or tactical level there must be a threat assessment taken for each of an organizations assets. This assessment will ask a few basic questions. What are the capabilities of the terrorist organizations? What type of terrorist attack is most likely to occur against this asset? What can be done to protect against this type of terrorist attack (GAO 2002, p.4)? In order to answer these questions an organization must have a thorough knowledge of the vulnerabilities of the different types of its assets which include fixed, mobile, and personnel. Once the vulnerabilities are determined, steps must be taken to secure the assets focusing on the most critical.
The National Preparedness Framework (2013) states that to properly estimate resource requirements, the community must identify the major actions that would be needed to complete the capability targets. Communities should consider timing, quantity, type, and cost of the estimated number of resources derived from the previous steps to complete mission-critical activities that support the capability targets that have been identified (DHS, 2013b). Other methods can also contribute to prioritization of resources. Strategic, operational, and tactical plans along with capacity analysis and calculating capability can help identify which resources should be prioritized (DHS,
DoD along with DIB have worked together to implement plans base on the risk assessment results that deterring threats and managing the effects of the loss of an asset. There are five levels of protection that applied to defense industrial base assets by the department of defense. The first level of protection asset owners is responsible for is hiring security official to protect their assets. The second level of protection depends on how serious the risk/threats is. If its serious local, law enforcement will assist to meet protective responsibilities. The third level involve state and federal level involvement if local law enforcement agencies assistance is not enough. The fourth level require the governor to get involve by requesting additional assistance from the National guard and other federal agencies. The fifth level involve the president activating the U.S. military to assist with whatever threat that is pose on the defense industrial base (Defense industrial base,
An organization must create a resilient security governance framework for mitigating risks. This is done by determining the teams, team leads and understanding the risks the organization faces. Also, all the frameworks and plans such as the disaster recovery plan, business continuity plan and crisis management plan must be integrated and must work hand in hand. Any data used for creating one of these plans must be shared to update the other plans proactively.
It's goal is to minimize the effects of a disaster or disruption. It means taking the necessary steps to ensure that the resources, personnel, and business processes are able to resume operation in a timely manner. This is different from continuity planning, which provides methods and procedures for dealing with longer-term outages and disasters.
Contingency planners are now asserting that contingency planning is a value-added component that can be a competitive advantage in the marketplace as well a means of helping organizations save money. Processes that are deeply analyzed in terms of continuity will usually be more secure, and new ways of working may emerge to help streamline operations. Contingency planning can be useful when forging alliances with external organizations or during acquisition phases. Contingency planning should be part of an organization’s quality cycle as well. “Business continuity and disaster recovery have gained somewhat in the eyes of top corporate management since the start of the 1990s. As the industry has slowly evolved from what could almost have been called a ‘black art’ to something starting to resemble a disciplined science, basic business principles have begun to become increasingly relevant” (Rothstein, 2003, p. 1).