ADD WAR TO
BUSINESS CONTINUITY PLANNING
Medium – Large Enterprises
Lessons learned from the “2006 WAR IN LEBANON”
CASE STUDY
Feature at Business continuity Journal, continuity central, survival guide, scribd ….
http://www.BCCManagement.com
Email: info@bccmanagement.com
This study is to stress on the correlation between the War and the Business Continuity (BC), especially for the Medium-Large Enterprises. Therefore, a true case of a recent war had been taken to emphasize and analyze the necessity of integrating and ADDING WAR TO BUSINESS CONTINUITY PLANNING.
Background
War actualities in Lebanon
Destruction of National and local Airports (3)
Bombarding all national seaports (7)
Tightening air, sea and land blockade
Targeting high-voltage electricity lines
Hitting power stations (5) and electrical transformer
Setting fire to fuel depots
Bombing petrol stocks
Blasting more then 40 petrol stations
Devastating wide swathes of infrastructure Bombing major and minor bridges (107) Blasting main roads and highways (445,000 m2) Denying access to many villages
Total destruction of cities and villages
Private houses/ Apartments
Total destruction:30 000 Major :30 000 Minor:70 000
Destruction of Hospitals (2), Health care centers (50)
Total destructions of 60 schools and another 100
…schools suffered minor hits
Hitting mobile / wireless relays
Blowing up audio visual relays
Evacuation of more then 200 000 people
Most of foreigner workers fled
Separation of families and children
Bombing more then 600 trucks
Curtailing movement and bombing of medical supplies and ambulances
Sewage Disposal Systems and Sewage Treatment plants bombarded
Bombardment of more then 40 factories
Main / secondary water distribution 330 stations
UN Resolution 1701 Ending 33 days of war
Aftermath of war in Lebanon
Closure of all landing fields
Obligating MEA Airline to relocate their airplanes to another country
Shutting down all sea shipment accesses
Debilitating the import and export activities Failure of abroad mailing system
Blackout of electricity to half of the country
Impossibility of providing fuel ships for supply
Capacity reduction of oil and petrol reserves
Sea Oil Spillage
Beirut Stock Exchange plunges 15% and closed for 25 days
Lebanese pound has shaken by 1%
10 billion Business/financial loss
Most of the Factories, organizations, and offices closed for one month and other failed to open or to return to Lebanon
1.4 million tourists loss
Cancellation of hotel bookings
Cancellation of many summer festival
Lessening the medical supplies and drugs
Aid could not reach the needed people due to blockades
Relocation of 800,000 citizens to other areas (27% of Lebanese population and more)
Environmental degradation of the aquatic speeches due to oil spills and air pollution from bombarding and bombs and forest being burned ( biodiversity)
Contamination of Water
Decreasing Potable Water
Spread of Diseases/sickness
Human Losses 1,191 and another 50 from clustered bombs and 4,405 injured
Business Preparedness
How and why should an enterprise integrate war in its Business Continuity Planning?
Since September 11, 2001 business continuity gained high interest, but still are we ready today? Not really, but at least, we are on the road.
While attending the “16th World Conference on Disaster Management” in Canada – June 2006, it was impossible not to notice the poor participation of countries in the conference, for instance there were 1700 delegates from 47 countries only. In other terms, 1700 is a promising figure as far as individual participants but 47 is a very shy number for countries representation.
Where are the rest of the countries not only from that conference but from BUSINESS CONTINUITY?
Some traditional business continuity risks and threats might not be good in war situation.
Working with several Medium-Large Enterprises after and during the war in Lebanon, supplemented a lot of data to this case study.
EFFECTS OF WAR
First question to ask in a war situation: “ do you still want to operate from within the effected country?”
According to ABC news
“We are looking at how we might transport
Americans to Cyprus. Once in Cyprus,
Americans can then board commercial aircraft
for onward travel,” an embassy statement said. ”
a) Evacuation:
• Do your organizations/governments have plans for mass evacuation?
• Do governments have plans to receive high number of people, from neighboring countries in case of war?
BEIRUT, Lebanon Jul 15, 2006 (AP), The
United States is working on a plan to evacuate American citizens from Lebanon to the neighboring island of Cyprus, the U.S.
Embassy said Saturday.
For instance, Cyprus called the European Union’s aid in the situation, since it could not handle the load of evacuators.
Reading the ABC articles (on the right side), it is obvious no plans were available and forecasted ahead for such an emergency. In addition, taking the USA as one of the biggest countries, it took long time to come up with a plan and to evacuate all of its citizens from the Lebanese territories. Evacuation took more than 18 days.
Evacuation of foreigners residing in Lebanon:
– Sri Lanka; 90000
– Canada; 40 000
– Philippines; 30 000
– United States; 25 000
– French; 25 000
– UK; 25 000
– Australia; 25 000
– Indians; 12 000
– And many more others….
a) Relocation:
Due to the war, many foreign and affiliated organizations relocated their headquarters and businesses from Lebanon to neighboring countries carrying on their work but unfortunately they never returned back.
b) Electricity:
Due to the air and sea blockade and bombardment of power stations and electrical transformers, the electricity blackout happened in two phases.
– First phase: A direct result from the bombardment of power stations and fuel reserves.
– Second phase: An indirect result from the lack of petrol and fuel feeding the un-bombed power stations.
Since the beginning of the war, the electricity crisis started, providing only 18 hours per day until reaching down zero hours per day for the highly affected areas due to lack of refueling.
As mentioned previously, the blockade led to a shortage in the oil / petrol country’s storage as well as the direct bombardments of petrol stations reduced the chances of having enough quantities for distribution.
In front of these facts, the citizens and the companies panicked and bought petrol tanks for stockpiling, noting that at that stage, the prices were increasing tremendously.
i) Mail /Post services/Courier:
Another outcome of the blockade was the complete paralysis of the mailing system (air, sea and land) as well as the internal post services.
Consequently, all the parcels and courier mails were extremely delayed if not lost. However, during the war, and a later stage, some courier companies offered their services but with a noticeable growth of prices (10-20% increase) due to the risk available in transporting the parcels from / to Lebanon internationally.
j) Mobile/Wireless/Radios/TVs:
In Lebanon, Radio and TVs antennas are mostly located adjacent to Wireless and Mobiles antennas.
During the war, most of the biggest Radio and TV antennas were targets for destruction due to political reasons. Consequently, the nearby wireless and mobiles antennas were seriously damaged cutting the telecommunication among regions in the country.
Worth mentioning, that due to the disorganization of the electricity, the wireless relays started to shutdown respectively noting that UPS can hold only for few hours.
l) Monetary & Stock Market
In Lebanon, the currencies dealt with are both the Lebanese Pound and the US Dollars.
The Central Bank of Lebanon, on the 3rd Day of the war, issued a memo stopping all USD cash transactions due to the worry on the Lebanese Pound to fall, and because people started drawing large amounts of cash in USD due to panic.
The transactions from Lebanese Pound to Dollars were allowed but not as far as cash, so that no panic will occur and to protect the Lebanese Pound.
A small increase of less then one percent was noticed in the foreign exchange.
• Stocks went down on the 2nd Day by 10 % and then the Stock Market closed on the 4th Day no transactions were accomplished due to many technical, non-technical reasons and due to the high demand on selling.
• The Stock Market closed for more then three weeks consequently financial losses were very high.
• A high amount of selling took place once the stocks were trading again.
ANALYSIS
Several considerations should be incorporated in the Medium – Large Enterprise’s strategies and plans in order to better handle a war situation. The following parts will go over the key points and considerations advised and necessitated for integration in the Business Continuity Planning.
Medium – Large Enterprise’s Considerations:
Army/ Safety: 1- Determine which employees accomplished the military service and identify who might be called in the future. In addition, the company should be aware if a key job post in the BCP was given to an army reservist in order to train ahead a stand-in staff.
2- Make available a shelter not just an underground parking since nowadays this latter will not block the new bombs (reaching more then 200 feet).
Petrol / Fuel: 1- Extra fuel storage for the generator is necessary for the Data Center or DR site since in war time no re-fueling will be available and maybe for a long period.
2- Purchase some motorcycles in order to use them when needed for easing transportation or delivery, due to the very low utilization of petrol.
3- For the Large Companies think of the possibilities of purchasing a petrol station for emergency purposes since it will be handy in case of war.
Media:
The employees especially the executives should be trained on statements in the name of the company, especially in case of an unpleasant incident. They should be taught on the content and extent of the information allowable to be provided as well as the timing.
Radio/TV: Even though it is a cost saving strategy, installing Radio & TV Antennas adjacent to the Mobile and Wireless Antennas is not a very wise step since risks are higher.
Mail /Post services/Courier: Does the business rely on mail and parcels? If yes, the company’s SLA should be checked. Even if there is an SLA of services given to companies, attention should be based on the human factor, for instance plans for services degradation should be made.
Internet: 1- Plan for a backup solution for the provision of internet. For instance, the company should find out from the ISP their BC plans.
2- Foreseen backup plans in case ISP failed to provide their services (ex: bombarded).
3- Make special arrangements if the fiber optics in the sea or land were destroyed. 4- Arrange for a satellite communication providing internet services.
Evacuation: Putting the facts of evacuation into business how can you replace 1000 foreign employees that evacuated, and most of these employees hold important positions in the company and without them the business cannot survive.
Information technology:
Questions: Do you do backup? Do you send tapes to another site?
If yes; for how long do you retain them and do you test them monthly?
Do you know what are you backing up? Can you replace your key staff without stopping business? If you answer no to any of these questions, then you have drastically failed to provide the safety, security procedures and the minimal business continuity for the company.
1-Choice of the location of the recovery center should be away from the datacenter, a further option could be to establish the recovery center in another country in case the company possesses an overseas branch.
2-Set procedures identifying “how, why and who” can fix each type of failures from the vendors. This requires checking out the SLA agreements with the vendors.
3-Stockpile spare parts – as much as it is affordable -in the recovery center in order to be used either in the main Data Center or in DR site.
4-Having seen recovery centers, unprotected, on some high floors of a shared building, in a busy neighborhood, very close by petrol tanks all of these are high risk factors.
5- Updated Configuration Manuals are essential in the recovery center (routers, firewalls etc…)
6- Think in satellites and make it part of your monthly testing procedures, satellites comes to the game when everything else fails, satellite phones, satellite WAN, satellite internet, etc… if you offer international service your clients in china should not be affected if you have a problem in the Head Quarters.
7- Make sure to install voltage regulators in order to avoid the failure of the hard disks and other parts due to the low/high voltage of electricity especially during war when electricity is not well controlled.
8-One organization plans covered the bad days and not the good days.
Three days after the war when people were resting, the department that is responsible for the cooling of the datacenter room got a call on high heat, and he didn’t answer to the call and the worst had happened 34 days of war and the organization had survived, suddenly out of nothing the cooling system got jammed to an unknown reasons and the heat hit 55 degrees Celsius, you could fry an egg on the steel, so some systems had heat protection and shutdown by them selves others were damaged due to heat.
Plan for HVAC and automated monitoring systems.
9-Another organization had to change the uninterruptible power supply UPS during the war after a defect has been noticed.
After trying many times to reach the company but no luck due to some bombarded networks and network coverage then the manager had to be contacted and leave the call with him to manage the replacement, the problem was, that all of the company employees were in an effected area of wireless coverage they couldn’t be reached and once reached couldn’t reach the site, but in the end the ups was changed.
10- Interference: Due to Navy ships that were near the cost line, they interfered with most of telecomm and wireless transmission which forced businesses to loose communication with each other, plans should be made to include this and also governments should plan about it, on where to park the ships to minimize the risks
11- EMP Electro Magnetic Protection. With today’s arms technology, the need of a protected anti EMP environment is a must.
Insurance: Almost all the companies are insured. But what about war and terrorism, nobody is insured against those so think of what can be done
Contact System: 1- Set up an emergency phone line for giving and taking instructions to/from key staff in BCP using a system similar to a voice machine-giving guide of required procedures.
2- Test the Call Tree several times per year. In case of a disaster or a war, problems in telecommunication with the staff might be faced; this is where the emergency phone line could play a role. A special satellite notification system could be used as well.
3- Work on a notification system. For instance, one phone call and the system will contact ever person included on the list through several ways (email, sms, telephone, website, emergency phone line, pagers, etc …).
4- Have CBs ready and charged in the recovery center with extra batteries and charging modules.
Vendors Related: While entering into business agreements with the vendors, the companies
should take into consideration several issues / questions among which:
• Do vendors have BCP? Does it cover internal and external services? • If they have a BCP; what is their service level agreement?
• Do they have a dedicated team focused on BCP and disaster recovery? • Do they have a crisis management process?
• Will they provide support in case of war and terrorist attack? • What is the timeframe to provide their support?
• When last did they test the plan?
• Will the backup spare parts be available in another site at their locations?
• Will they provide primary and backup contact information during a disaster?
Thoughts crucial for the selection of Locations for Data and Recovery Center:
1- War and its effects should be taken into consideration
2- Option of establishing a secondary recovery center should be taken.
3- Ask the question: Should the recovery center of the organization be in 100 miles radius of the main datacenter or more?
4- Try to have the petrol tanks stored below ground and far from the recovery center, in case it blew up.
5- Try to plan for recovery center outside the main country of operations
8
6- Plan for the isolation of the data center/DR site in case of occurrence of a chemical/biological war.
A Number of Advises for the Organizations/Employers:
1- Don’t expect employees to show up for work during the war, find out who has a strong
character or personality and can bare the danger fear, because if you gave a key personnel in
the team responsibilities, and he got scared to do the job, that will be another disaster.
2- Try to help employees, in case of lack of petrol may be through supplying them with petrol to
show up to work, or providing a small transportation system (a mini bus) to pick them up.
3- Understand the employees and be aware that they will not come to work and their families are
in danger, seek to bring their families to work, have a place at the organization ready to
welcome people i.e.: beds, food, water, etc…. or at a near by hotel.
4- Have a therapist to aid your employees at all time, during and after the war as well as in good times.
5- Reduce the time schedule of work i.e. during peace days if the work schedule is from 8 am to 4 pm adjust it from 8 am to 1 pm or whatever is convenient.
6- Pay early salaries or an extra half salary without taxes since people will be needing money.
7- Avoid employees’ rotation during the war, since it will be a burden and time consuming.
References:
• http://www.cnn.com
• http://www.reuters.com
• http://www.albalaonline.com
• http://www.pcm.gov.lb
• http://www.state.gov
• http://www.turkishdailynews.com.tr
• http://www.aidlebanon.org
• http://www.bbc.co.uk
• http://www.canada.com
• http://www.reliefweb.int
• http://www.abc.net.au
• http://www.dw-world.de
• http://www.sr.se
• http://www.ameinfo.com
• http://www.moroccotimes.com
• http://www.csmonitor.com
• http://www.cbs5.com
• http://www.gartner.com
• http://www.lebanonundersiege.com
• http://www.undp.org
• http://www.annaharonline.com
• http://www.tayyar.org
• http://www.rawstory.com
• http://www.sweden.gov.se
• http://www.aljazeera.com
• http://www.khaleejtimes.com
• http://www.haaretz.com
• http://www.latimes.com
• http://www.guardian.co.uk
• http://www.christianaid.org.uk
• http://www.english.people.com.cn
• http://www.sabcnews.com
• http://www.yahoo.com
• http://www.time.com
• http://www.news.infoshop.org
• High Relief commission
• Local New papers
• And many more…
Business Continuity, BCCManagement.com 