NOTE: GS(3) Intelligence Briefing is posted on a bi-weekly basis. As circumstances dictate, we may post special editions. The Briefing is organized into five sections: Europe, Middle East and Africa, Asia Pacific, Americas, Global and Cyberspace. Each issue provides insight on terrorism, cyber crime, climate change, health emergencies, natural disasters and other threats, as well as recommendations on what actions your organizations should take to mitigate risks. “Words of Power" commentary is also be posted on a bi-weekly basis. This commentary explores a range of issues in the interdependent realms of security, sustainability and spirit. For more information, go to www.wordsofpower.net
Europe, Middle East & Africa
The European Union's health and foreign ministers should meet soon to coordinate their reaction to the spreading bird flu virus, France's Foreign Minister Philippe Douste-Blazy said. "We can see that the H5N1 virus, this bird flu virus, is spreading and is arriving at our doors," Douste-Blazy told France 2 television… Turkey and Romania reported new cases of the virus on Saturday and began culling thousands of birds to prevent the globally feared disease from spreading [NOTE: It is of course not possible to stop wild, migratory birds from flying; and the Danube Delta on the Black Sea is a major migratory area for wild birds in Europe]…EU veterinary officers from the 25-nation bloc will meet in Brussels on Wednesday when the results of bird flu tests in Romania and Turkey should be known. They can decide further trade restrictions and tougher EU action. Bulgarian authorities said on Tuesday they were testing three birds found dead in the northern part of the country for avian flu but said so far there were no indications the deadly virus had reached the country. (Reuters, 10-11-05).
Practically all Balkan countries have now banned imports of bird and poultry meat from Romania and Turkey after the first cases of the deadly bird flu were discovered in these countries last week. Bulgaria, Greece, Macedonia, Albania, Serbia-Montenegro, Croatia, Bosnia-Herzegovina and Kosovo have rushed one after another to ban imports and to step up precautionary measures…All Balkan countries have intensified customs controls and teams of experts are watching the movement of migrating birds, which are believed to be the main carrier of the deadly virus. (AKI, 10-10-05)
Governments across Europe are stockpiling massive quantities of the drug, while South Africa is still trying to register it. Though there is another bird flu antiviral, Relenza, in South Africa, availability is limited.
"If there is a pandemic, there is going to be a worldwide shortage and even countries that are stockpiling it won't have enough for every individual," said Jane Yeats, senior specialist in virology at Groote Schuur. Spokesperson for the department of health's national office, Sowly Mabotha, said: "We're in the process of speeding up registration with a view to begin buying the drug [Tamiflu]. (IOL, 10-11-05)
Michael Osterholm, an infectious disease expert who has been studying the risk of pandemic flu for decades and is a U.S. government adviser, said governments should be preparing to cope with the pandemic instead of relying entirely on the hope of using vaccines and drugs to control it. If the H5N1 avian flu begins to easily infect humans, it will move too quickly for drugs and vaccines to be of much use, Osterholm said. "It doesn't matter if we have a vaccine now or not. We can't make it," Osterholm said in a telephone interview…"We have had a pandemic flu plan as a planning process since 1976," said Osterholm. "Nobody has completed it. It has been one of the most long-standing incompleted processes in Washington. Nobody wants to believe that modern medical science can't handle something." But it cannot, said Osterholm, who has seen the current U.S. flu plan. The plan has not been published yet but leaked versions suggest the country has done little to prepare for an H5N1 pandemic. Osterholm and other experts have long been complaining that there are not sufficient hospital beds, equipment or trained workers to cope with a major epidemic. "The one thing I worry desperately about it is the impact of overreliance on neuraminidase inhibitors," he said. There are two drugs in the class -- Roche and Gilead's Tamiflu, known generically as oseltamivir, and GlaxoSmithKline's Relenza. They work to reduce the severity of annual influenza and may prevent infection if used at the right time. Tests suggest they also work against H5N1, but no one knows how well. "I think that potentially neuraminidase inhibitors may work if you are already on them as prophylaxis (prevention)," Osterholm said. That would mean taking them daily for days or weeks. "That means that very, very limited supply is going to become a lot more limited." The U.S. has enough courses of Tamiflu to treat about 2.3 million people. The Health and Human Services Department says another 2 million treatment courses are on order and will arrive by the end of the year. But some 90 million people would need the drug in the event of a flu pandemic, University of Virginia flu expert Dr. Frederick Hayden told a meeting. At current capacity, it would take about 10 years to produce enough oseltamivir to treat 20 percent of the world's population, Hayden said. "Now people are saying whoever has the most Tamiflu wins," Osterholm said. "I worry so much that Tamiflu is a surrogate for protection." And vaccines are not an answer yet and will not be for years. There is an experimental vaccine against H5N1 but there are only a few thousand doses of it….(Reuters, 10-10-05)
A global influenza pandemic could come at any time and claim anywhere between 5 million and 150 million lives, depending on steps the world takes now to control the bird flu in Asia, the United Nations said. Additionally, the bird flu virus is likely to mutate into a strain that can be passed person to person, Dr. David Nabarro of the World Health Organization told reporters…"We expect the next influenza pandemic to come at any time now, and it's likely to be caused by a mutant of the virus that is currently causing bird flu in Asia…Nabarro said he hopes to persuade governments that "the U.N. system is actually going to help keep their people alive," and to generate political support for a three-pronged strategy focusing on prevention, preparedness, and response to a potential pandemic…He said "the real nightmare scenario is that the pandemic takes root in some of the least well-served and perhaps very crowded parts of the world where services are bad," like the camps for thousands of people who have fled their homes in Sudan's conflict-wracked Darfur region, AP reported. (CNN, 9-29-05)
(See “Preparedness Recommendations” below.)
On 10-8-05, a devastating earthquake (7.6 on the Richter scale) struck Pakistan, Kashmir, India and Afghanistan. It was South Asia’s strongest quake in 100 years. There were at least 22 aftershocks (including on a 6.2) within 24 hours. The epicenter was 60 miles northeast of Islamabad in the forested mountains of Pakistani Kashmir, near Muzaffarabad, the capital of Pakistan-ruled Kashmir. The city is in ruins. All five hospitals in the city were flattened…Heavy rain has compounded the misery of the survivors, and forced some helicopters loaded with food and medicine to cancel their flights to stricken areas…"It is a whole generation that has been lost in the worst affected areas," Pakistani army spokesman Major General Shaukat Sultan told the French news agency AFP…The only serious damage reported in Islamabad was the collapse of a 10-story apartment building, where at least 24 people were killed and dozens were injured. Doctors said the dead included an Egyptian diplomat, and the Japanese Foreign Ministry in Tokyo said two Japanese were killed…
As of 10-11-05, Pakistan authorities estimate the official figure at 23,000 at the moment, in Pakistan, with more than 51,000 injured. But off the record, officials have been estimating the final death toll could be as high as 40,000. Indian-administered Kashmir authorities estimate there are at least 1,460 dead and 4,500 injured. Aid agencies said more than 120,000 people urgently needed shelter and the UN said more than 2.5m have been left homeless. The United Nations launched an inter-agency appeal for $272m to cover relief needs in the devastated Kashmir region. This amount is expected to provide for winterised tents, food, blankets, medicine, water purification equipment and the reconstruction of some schools. Julie Ryan, International Red Cross: “Everywhere we go there are people that have lost every member of their family. It is a desperate situation.” Sigurd Hanson, World Vision: “There’s a significantly high children mortality rate. The reason for this is that it hit on Saturday and the children were at school. The teams that are reporting back say 70 to 80 percent of infrastructure was destroyed, including schools.” Wasim Bhat, Save the Children: “One of the very challenging parts of the whole relief exercise is that a significant stretch of the area is not accessible... In some remote areas, link roads have been cut off too, and there are reportedly high casualties.” (Financial Times, 10-11-05)
Medecins Sans Frontieres (MSF) group's chief in Islamabad, Isabelle Simpson, said water supplies could become contaminated because of quake damage, "which is why we worry that it could lead then to outbreaks of other water-borne diseases." (AFP, 10-11-05)
(See “Preparedness Recommendations” below.)
Hurricane Stan, which slammed ashore on Mexico's oil-rich Gulf coast was downgraded, drenched much of the country's south after killing at least 58 people…The storm dumped torrential rains over much of southern Mexico, and earlier forced the evacuation of 270 workers from offshore oil platforms in the Gulf of Mexico. The port of Veracruz, Mexico's main eastern port, was closed during the day due to gigantic waves up to five meters tall and powerful wind. About 12 000 people had been evacuated…(AFP, 10-05-05)
But Stan brought disaster in Guatemala after it was downgraded to a tropical storm.
“A frantic search for about 1,400 people believed to be buried alive by a mudslide in Guatemala was continuing as the death toll from massive floods throughout Central America and Mexico rose to a staggering 618…The towns of Panajab and Tzanchaj, 180 kilometers (110 miles) west of Guatemala City, were hit by the mudslide triggered by rain from Tropical Storm Stan before dawn Wednesday, when soil loosened by days of driving rain began rushing down the slopes of the San Lucas volcano. "I don't believe there are survivors. Already 36 hours have passed. According to estimates we have, 1,400 people were trapped there," Mario Cruz, a firefighters' spokesman, told AFP…Guatemalan President Oscar Berger made an impassioned plea to the diplomatic corps in his country's capital for international assistance, estimating agricultural losses at 135 million dollars. (AFP, 10-09-05)
Meanwhile, while the US mainstream news media is in deep denial about the impact of the terrible one two punch of Katrina and Rita on the environment, economy and energy needs of the Gulf Coast region and the country as a whole.
“The environmental damage from hurricanes Katrina and Rita is unparalleled in its scope and variety, scientists say, with massive oil spills blanketing marshes, sediment smothering vast fishing grounds, and millions of gallons of raw sewage scattered in New Orleans and along the 400-mile Louisiana coast…The most immediate concern is more than 8 million gallons of spilled oil in Louisiana -- a total that could grow significantly in coming days as Coast Guard officials continue to survey the spills. The Exxon Valdez -- until now considered the nation's worst environmental disaster -- poured 11 million gallons of oil into Alaska's Prince William Sound in 1989. Despite the bigger volume, the Valdez spill was easier to deal with, cleanup and environmental officials say, because it came from a single source and largely stayed in one place. In Louisiana, oil has been found seeping from pipes, tanks, and other containers at more than 48 locations. Floodwaters allowed some of it to mix with the contents of underground gas storage tanks and the hazardous contents of thousands of homes and schools, including asbestos, paint thinner, and bleach, complicating the cleanup…One hundred forty oil and gas platforms in the Gulf of Mexico were damaged by Katrina -- 43 severely, including some that floated away or sank…Many Louisiana fisheries, which produce 15 percent of US seafood and 50 percent of the nation's oysters, are believed to be devastated. Katrina dumped a thick layer of sediment east of the Mississippi Delta that probably smothered oyster beds, and Rita did the same in the western part of the state. Brown and white shrimp that spawn offshore and move inland to live in marshes have had much of their habitat destroyed. Officials say they believe the worst is yet to come: Decaying organic matter that is being stirred up or washed into lakes and the Gulf will probably cause oxygen levels in the water to drop, killing off fish. (Beth Daly, Boston Globe. 9-30-05)
But despite the devastation with which Katrina, Rita and Stan have hit the Gulf of Mexico, two other little known storms (one from 2005 and one from 2004) that did not cause significant damage or capture many headlines, provide an even more disturbing glimpse into the future.
“The twentieth tropical storm of an uncommonly active Atlantic hurricane season strengthened quickly into a hurricane after forming in an unusual location, near Portugal's Madeira islands…Its forecast track would take the storm toward Portugal but Vince was expected to gradually weaken as it moved over cooler waters. The hurricane was mainly a hazard to shipping, the hurricane center said…The 2005 Atlantic hurricane season has been one of the costliest and deadliest for the US, and Vince's formation made 2005 the second-busiest season since records began 150 years ago. There were twenty named storms in 1933 and nineteen in 1995. An average season spawns around ten tropical storms, of which six become hurricanes. (Reuters, 10-10-05)
“The genesis of two category-five hurricanes (Katrina and Rita) in a row over the Gulf of Mexico is an unprecedented and troubling occurrence. But for most tropical meteorologists the truly astonishing "storm of the decade" took place in March 2004. Hurricane Catarina -- so named because it made landfall in the southern Brazilian state of Santa Catarina -- was the first recorded south Atlantic hurricane in history. Textbook orthodoxy had long excluded the possibility of such an event; sea temperatures, experts claimed, were too low and wind shear too powerful to allow tropical depressions to evolve into cyclones south of the Atlantic Equator. Indeed, forecasters rubbed their eyes in disbelief as weather satellites down-linked the first images of a classical whirling disc with a well-formed eye in these forbidden latitudes. In a series of recent meetings and publications, researchers have debated the origin and significance of Catarina. A crucial question is this: Was Catarina simply a rare event at the outlying edge of the normal bell curve of South Atlantic weather…or was Catarina a "threshold" event, signaling some fundamental and abrupt change of state in the planet's climate system? Scientific discussions of environmental change and global warming have long been haunted by the specter of nonlinearity. Climate models, like econometric models, are easiest to build and understand when they are simple linear extrapolations of well-quantified past behavior; when causes maintain a consistent proportionality to their effects. But all the major components of global climate -- air, water, ice, and vegetation -- are actually nonlinear: At certain thresholds they can switch from one state of organization to another, with catastrophic consequences for species too finely-tuned to the old norms. Until the early 1990s, however, it was generally believed that these major climate transitions took centuries, if not millennia, to accomplish. Now, thanks to the decoding of subtle signatures in ice cores and sea-bottom sediments, we know that global temperatures and ocean circulation can, under the right circumstances, change abruptly -- in a decade or even less. (Mike Davis, Has the Age of Chaos Begun?, Tomdispatch.com, 10-8-05)
(See “Preparedness Recommendations” below.)
From another savage attack in Bali to a foiled plot in Paris to a hoax in New York City, the threat of imminent attack anywhere anytime continues, exacerbated by the Bush administration’s failed “war on terrorism,” in general, and its invasion and occupation of Iraq, in particular.
Bali's police chief, I Made Pastika, displayed pictures of the heads of the three suspected suicide bombers at a news conference. He said the men were responsible for the near-simultaneous blasts at three tourist restaurants that killed 22 people including several foreigners. Estimates of the death toll have varied, with some accounts reporting that 26 or more people were killed. Pastika also showed an amateur video obtained by police that recorded one bomber, wearing a black shirt, walking into the Raja restaurant in Kuta Square, a popular shopping and dining spot. Seconds later, at 7:45 p.m., the man was obscured by a flash of light and an explosion. (Washington Post, 10-3-05)
Investigators hunted for the two suspected masterminds of suicide bombings on this resort island as Indonesia, Thailand, the Philippines, Australia and other nations went on high alert to protect their beaches from a repeat of the weekend attacks…The men suspected of masterminding the attacks — Azahari bin Husin and Noordin Mohamed Top — allegedly are key figures in Jemaah Islamiyah, a regional Islamic militant group with links to al-Qaida that is blamed for the 2002 Bali nightclub bombings that killed 202 people, mostly foreigners. Azahari is known as "Demolition Man" for his knowledge of explosives, while Noordin has been dubbed "Moneyman" for his ability to raise money and recruit bombers. Police also sought three accomplices believed to be still on the island. The bombings came as Southeast Asia geared up for its major tourist season, when millions of Europeans and other foreigners flock to sunny beaches to escape the winter months. It was the second attack targeting Bali in three years… (AP, 10-3-05)
Security is to be tightened in France after allegations that a group of nine suspected Islamic militants arrested had been plotting a terrorist attack on a high-profile target in Paris. The seven men and two women, who had been under observation by anti-terrorist investigators for two years, are suspected of planning an attack on the Metro, a Paris airport or the headquarters of the DST, the French domestic intelligence agency. It is not clear if police were acting on intelligence of an imminent threat to national security when they carried out the arrests, but the interior minister, Nicolas Sarkozy, warned yesterday that the risk of a terrorist attack was currently "at a very high level" Mr Sarkozy used the news of the arrests to unveil a new anti-terror plan in which he pledged to increase the number of CCTV cameras on the streets, in airports, at train stations and near shops and banks. Mobile phone operators and internet café owners will have to keep records of all users and calls under the proposed new law…The internet and phone-record measures will have a three-year time limit and will need parliamentary approval to stay in force after 2008…The minister also revealed that about ten French citizens "are in Iraq, ready to become kamikazes" and that others were at religious schools in Pakistan. (Scotsman, 9-28-05)
The information from an Iraqi tipster that prompted New York City to go on high alert for a possible terrorist bombing of its subway system was not true — and was probably a hoax, federal officials said. Several law enforcement sources said the informant came to U.S. officials with a detailed story about a terrorist plot involving men who would travel from Iraq to Syria and to New York, where they would detonate bombs in the subway, using strollers and other devices to hide them. His information, which triggered a near lockdown of the subways last week, also prompted a U.S. military operation in Iraq that led to the arrests of three suspected co-conspirators in Musayyib, south of Baghdad. But after interrogating the three men and the tipster, federal authorities concluded that they were not involved in any plot to launch terrorist attacks in the U.S. "It all appears to be falling apart," said one federal law enforcement official, in reference to the informant, whom U.S. authorities have not identified publicly. "The guy … made something up that he thought we wanted to hear." (L.A. Times, 10-12-05)
In a dramatic rebuff to U.S. President George Bush, the Nobel Peace Prize has been awarded to the man who dared to tell the Americans that the main plank of the US argument for waging war on Iraq was based on a lie. The Nobel committee bestowed the prestigious award for 2005 on Mohamed ElBaradei, the UN official who rose to prominence by exposing the lengths that America would go to in its efforts to build a case for war. Mr ElBaradei, the director general of the International Atomic Energy Agency (IAEA), which shares the prize, delivered a body blow to the Bush administration on the eve of the Iraq war. During a televised meeting of the UN Security Council in March 2003, he told assembled foreign ministers that documents purporting to prove Iraq had attempted to import uranium from Niger to make a nuclear weapon were fake.,,The underlying message of the Nobel committee, which said the threat of nuclear weapons "must be met through the broadest possible international co-operation", is that weapons inspections are a better way of dealing with any crisis than war. (Independent/UK, 10-8-05)
As 100,000 demonstrators protested against the Iraq War in Washington, the American organization for the defense of human rights, Human Rights Watch, (HRW), published a damning report about torture and abuse by the American Army of prisoners in the “War on Terror.” This report is significant for two reasons: it cuts to pieces the myth that the tortures perpetrated at Iraq’s Abu Ghraib prison, revealed in April 2004, could have been the acts of an isolated unit, which would have brought an end to the matter with the revelation of the scandal; and it allows us to hear testimony, not of ex-prisoners, always to be listened to with caution, but of American soldiers…While authorizing its army to perpetrate what international law describes as "serious violations of the laws of the war," such as "torture" or "inhumane treatment" of prisoners and "war crimes" in the case of executions - the U.S. placed itself in a position of illegality in the service of the cause that they allege to defend: freedom, justice and democracy faced with the "the madness of Allah." But every time an Afghan or Iraqi is killed wrongly or tortured, and precisely because the U.S. is a democratic country, it is a defeat for America and all who defend the values and morals for which it claims to embody. More pragmatically, the use of torture is one less chance for Washington to win its wars, because for each martyred prisoner, for each image of Abu Ghraib or Guantanamo, ten fighters rise against the United States. (Le Monde, 9-26-05)
(See “Preparedness Recommendations” below.)
Dutch police have arrested three people for building a worldwide zombie network of more than 100,000 PCs used to launch internet attacks on companies and to hack into bank and Paypal accounts. The main suspect, a 19 year-old man, and his alleged accomplices, a 22 year-old and a 27 year-old, were collared in raids on their homes. Police seized "several computers, documents, a bank account, bare cash and a sports car.” The compromised PCs were hacked using a trojan horse, called W 32.Toxbot, according to the police, who say that "some thousands" of the victims were based in the Netherlands. Investigators have identified at least one distributed denial of service (DDoS) attack, targeting an unnamed American company, emanating from the zombie botnet. DDoS attacks are often used by extortionists to unleash a barrage of computer-generated request to victim websites to cripple their operations. Online gambling firms and web retailers are typical victims. The suspects are also thought to have hacked into a "large number of PayPal and eBay accounts, enabling them to order several goods over the internet, without actually paying for them". The gang controlling the zombie botnet played cat and mouse with the anti-virus vendors, Dutch police say: "The Toxbot registers all keyboard actions of the infected computers and sends this information to the cyber-criminals. Anti-virus software has been available for some time. The hackers, however, frequently revised the virus, in a catch up game with the anti virus producers.” The botnet has now been dismantled, courtesy of GOVCERT.NL, the Computer Emergency Response Team of the Dutch government, in tandem with XS4All Internet and other unidentified providers. (The Register, 10-7-05)
Online bookmakers who become victims of online extortion attacks more often than not pay up, according to an IBM security researcher. Martin Overton of IBM Global Services said those at the receiving end of denial of service attacks also often fail to report assaults to police despite improved policy procedures to guard the anonymity of victims in the UK and elsewhere.
"Criminals are pricing extortion rates at under the cost of preventing attacks. It's cheaper to pay up even if this encourages them [crooks] even more," he said. According to a recent study by analysts Forrester, one in three businesses has been at the receiving end of a successful DDoS attack, with more than 40 per cent suffering losses of more than £54,000 as a result. Victims who pay extortionists are playing into the hands of cybercrooks and likely to receive repeat protection money requests. By paying protection money they are increasing the threat to other businesses.
(The Register, 10-6-05)
(See “Preparedness Recommendations” below.)
Business continuity planning focusing on what to do if the virus should reach pandemic levels should be undertaken by all organizations, in particular those in areas of Asia Pacific where ‘Bird Flu’ has been detected. Planning ahead will reduce the potential impacts to existing or future engagements caused by travel bans, and temporary office closures or relocations.
The efforts of Member Business Continuity Team should focus on the following:
Determine key business processes that will need to be reconstituted in the event of a temporary office closure or relocation.
Identify technologies that could facilitate remote service to clients. This may include the use of video conference technology to replace face-to-face meetings in countries with travel bans or high incidents of human infection.
Ensure that infrastructure is available to allow for remote access capabilities for employees required to work from home or alternate locations due to temporary office closures. This may require investing in additional infrastructure, or identifying opportunities to consolidate such resources on a regional basis.
Identify alternate means to facilitate communications with firm employees or clients during health related emergency events. Such resources may include use of firm intranet web pages to provide frequent updates on the status of virus outbreaks, or the use of dedicated toll-free or other telephone numbers to provide recorded updates on crisis response status.
Determine, in advance, to what extent a cadre of local employees in the impacted country could be used to support business processes in place of employees traveling in from outside of the country in the event of potential travel bans. The option of holding client meetings in non-impacted, third-party countries should also be explored.
Such BC planning, like the requisite crisis management planning, can be leveraged for application in other crisis situations, such as the aftermath of earthquakes, tsunamis and in other health emergencies whether or not it is ever acted upon in regard to “Bird Flu.”
Natural Disasters and Terrorism
Disaster (e.g., terrorist attack, earthquake or severe weather) can strike anywhere anytime. Of course, every organization should have a comprehensive BC/DR plan for every facility, and re-evaluate and revise it as needed, and test and train against it on a regular basis, but here are three practical recommendations from a colleague, Regina Phelps (www.ems-solutionsinc.com), for every organization to follow up on, particularly if they have facilities or interests in earthquake areas
• Conduct a through hazard risk assessment to ensure you have captured and planned for your most likely events.
• Once you know your most likely risks, mitigate what you can. An excellent example of mitigation in a seismic environment is ensuring that all sensitive equipment (such as servers, telephone switches) have been properly secured to prevent them from toppling in an earthquake. (www.qsafety.com is a good web site to get ideas).
• Ensure that you have a team of employees who are trained to respond to your most likely events assuming that the response from the government may be limited. For example, if your are in earthquake prone areas, have a team of employees trained in advanced first aid and the medical supplies you will likely need in a major event. Part of this training should ensure that employees know how to use the disaster equipment and medical supplies that you have acquired.
• Educate employee NOW about the likely risks in your area and encourage them to get ready at home…employees who are prepared at home are far more likely to be able to assist the company in its recovery!
Here are three practical recommendations for you and your loves ones.
The most important is to develop a family communication plan. Here is how to go about that…
• Because local phone lines may be out of service or overloaded after a disaster, it's often easier (and you are more likely to get through) to call out of the state.
• Choose an out-of-state contact that each family or household member can call or email should a disaster occur. Your selected contact should live far enough away that they would be unlikely to be directly affected by the same event (best out of state). They should be aware that they are the chosen contact and what their job is.
• All of your loved ones should have the phone number for the contact as well as each other's phone numbers and email addresses. Loved ones should agree to call the out-of-town contact to report their whereabouts and welfare. Consider having a laminated wallet-sized card made to carry with you at all times.
• Many people overwhelm telephone lines when emergencies happen. If telephone lines are not working, be patient and try again later or try text messaging or email. Sometimes text messaging or email will go through when calls cannot.
Here are some examples of vital controls, excerpted from a comprehensive body of cyber security “best practices,” mapped to ISO 7799, that some colleagues and I have developed over the years:
• An adequately staffed and properly trained Emergency Response Team, empowered to deal with incidents such as electronic network intrusions or denial of service attacks, has either been established internally or contracted for from outside. (ISO 17799 (6.3))
• The organization has documenteed and implemented an emergency response process to respond to end-users quickly and effectively when computer-related or information security incidents occur. (ISO 17799 (6.3))
• There is a clearly documented and implemented incident handling policy and emergency procedures for dealing with system and network attacks. (ISO 17799 (6.3)
• Incident handling procedures are tested regularly in a realistic manner (e.g., conducting disaster recovery drills). (ISO 17799 (6.3))
• Internal network traffic is monitored to verify that controls are working correctly and that no unexpected activity is taking place. (ISO 17799 (9.7))
There are many other such controls that should be but are usually not in place—even in organizations with much to lose in reputation and trade secrets.
Richard Power is the founder of GS(3) Intelligence and www.wordsofpower.net. His work focuses on the inter-related issues of security, sustainability and spirit, and how to overcome the challenges of terrorism, cyber crime, global warming, health emergencies, natural disasters, etc. You can reach him via e-mail: firstname.lastname@example.org. For more information, go to www.wordsofpower.net.