Inject Response Report

Transcription

1 Inject Response Report Computer Calamity An IT Failure Tabletop Exercise November 19, 2013 Washtenaw County Michigan

2 This report contains the inject responses from the Computer Calamity Tabletop Exercise. These responses are unedited and are directly exported from the information typed into the ONX System during the exercise. The purpose of this report is to provide documentation for your organization s records of exact responses captured during the exercise. info@drc-group.com

3 Computer Calamity - # 001 Ann Arbor VA Hospital - Paul Fulton Monday IT Outage Minus 2 Days Using your understanding of the various threats to your agency s computer systems prepare a Hazard Vulnerability Assessment (HVA) of natural and manmade threats that could potentially lead to an IT Outage for your agency. Identify all hazards to which your agency s computer systems are vulnerable. Then rank the vulnerability of your computer systems to the identified hazard. Rank each hazard as either: LOW, MEDIUM or HIGH. (Note: If needed call your agency s IT Department to discuss the threats to your computer systems.) (Example: Hazard: Power Outage / Vulnerability: Medium) power / medium virus / medium Flood / low Fire / low Employee / High No AC / Medium University of Michigan Hospital - Carrie Wright Monday IT Outage Minus 2 Days Using your understanding of the various threats to your agency s computer systems prepare a Hazard Vulnerability Assessment (HVA) of natural and manmade threats that could potentially lead to an IT Outage for your agency. Identify all hazards to which your agency s computer systems are vulnerable. Then rank the vulnerability of your computer systems to the identified hazard. Rank each hazard as either: LOW, MEDIUM or HIGH. (Note: If needed call your agency s IT Department to discuss the threats to your

4 computer systems.) (Example: Hazard: Power Outage / Vulnerability: Medium) Building damage- HIGH Power outage - LOW Data Center damage- MEDIUM Flood - LOW Snow - LOW University of Michigan Hospital - Bruce Cadwallender Monday IT Outage Minus 2 Days Using your understanding of the various threats to your agency s computer systems prepare a Hazard Vulnerability Assessment (HVA) of natural and manmade threats that could potentially lead to an IT Outage for your agency. Identify all hazards to which your agency s computer systems are vulnerable. Then rank the vulnerability of your computer systems to the identified hazard. Rank each hazard as either: LOW, MEDIUM or HIGH. (Note: If needed call your agency s IT Department to discuss the threats to your computer systems.) (Example: Hazard: Power Outage / Vulnerability: Medium) Severe space weather-high Severe malware infection - medium Loss of all commercial and backup power - low Simultaneous loss of both primary and secondary data centers - low Tornado damage producing total disruption of data connectivity between medical campus and data centers - low University of Michigan - Mike Kennedy Monday IT Outage Minus 2 Days

5 Using your understanding of the various threats to your agency s computer systems prepare a Hazard Vulnerability Assessment (HVA) of natural and manmade threats that could potentially lead to an IT Outage for your agency. Identify all hazards to which your agency s computer systems are vulnerable. Then rank the vulnerability of your computer systems to the identified hazard. Rank each hazard as either: LOW, MEDIUM or HIGH. (Note: If needed call your agency s IT Department to discuss the threats to your computer systems.) (Example: Hazard: Power Outage / Vulnerability: Medium) Hazard: power outage / vulnerability: low Hazard: cyber-attack / vulnerability: high Hazard: severe weather / vulnerability: low University of Michigan - Paul Howell Monday IT Outage Minus 2 Days Using your understanding of the various threats to your agency s computer systems prepare a Hazard Vulnerability Assessment (HVA) of natural and manmade threats that could potentially lead to an IT Outage for your agency. Identify all hazards to which your agency s computer systems are vulnerable. Then rank the vulnerability of your computer systems to the identified hazard. Rank each hazard as either: LOW, MEDIUM or HIGH. (Note: If needed call your agency s IT Department to discuss the threats to your computer systems.) (Example: Hazard: Power Outage / Vulnerability: Medium) Hazard: power outage / vulnerability low Hazard: cyber-attack / vulnerability high Hazard: severe weather / vulnerability low City of Ann Arbor - Information Technology Services Unit - Russell Hanshue

6 Monday IT Outage Minus 2 Days Using your understanding of the various threats to your agency s computer systems prepare a Hazard Vulnerability Assessment (HVA) of natural and manmade threats that could potentially lead to an IT Outage for your agency. Identify all hazards to which your agency s computer systems are vulnerable. Then rank the vulnerability of your computer systems to the identified hazard. Rank each hazard as either: LOW, MEDIUM or HIGH. (Note: If needed call your agency s IT Department to discuss the threats to your computer systems.) (Example: Hazard: Power Outage / Vulnerability: Medium) Local Power Outage/Medium Regional Power Outage/Low Explosion or Fire/Low Computer Virus Outbreak/Medium Internal or External Security Breach/Medium Flood/Low Natural Disaster (Weather)/Medium Building HVAC Failure/Medium Shared Storage Chassis Failure/Low Michigan State University - Police - Dave Oslund Monday IT Outage Minus 2 Days Using your understanding of the various threats to your agency s computer systems prepare a Hazard Vulnerability Assessment (HVA) of natural and manmade threats that could potentially lead to an IT Outage for your agency. Identify all hazards to which your agency s computer systems are vulnerable. Then rank the vulnerability of your computer systems to the identified hazard. Rank each hazard as either: LOW, MEDIUM or HIGH.

7 (Note: If needed call your agency s IT Department to discuss the threats to your computer systems.) (Example: Hazard: Power Outage / Vulnerability: Medium) Power outage, would have to affect the university power plant and the local grid that we could access medium--own system, back-up from local grid and generators at specific sites Severe Weather (Hazard) depending on the severity--rain 100 year flood mark would affect some of the systems on campus, tornado depends on location--- high depending on severity-- we have some flooding that does to affect systems Cyber-attack-- impact is based on actual attack-- many systems are siloed-- Medium-- based on the system set-up Washtenaw County Sheriff s Office Emergency Services Division - Benjamin Pinette Monday IT Outage Minus 2 Days Using your understanding of the various threats to your agency s computer systems prepare a Hazard Vulnerability Assessment (HVA) of natural and manmade threats that could potentially lead to an IT Outage for your agency. Identify all hazards to which your agency s computer systems are vulnerable. Then rank the vulnerability of your computer systems to the identified hazard. Rank each hazard as either: LOW, MEDIUM or HIGH. (Note: If needed call your agency s IT Department to discuss the threats to your computer systems.) (Example: Hazard: Power Outage / Vulnerability: Medium) Severe Convective Weather - High HazMat Transportation - Low HazMat Fixed Site - Medium Severe Winter Weather - High Infrastructure Failure - High Extreme Temperatures - Medium

8 Nuclear Attack - Low Structural Fires - Medium Public Health Emergencies - Medium Sabotage - Medium Earthquake - Low Nuclear Plant Accident - Low Washtenaw County Treasurer s Office - Judy Fiegel Monday IT Outage Minus 2 Days Using your understanding of the various threats to your agency s computer systems prepare a Hazard Vulnerability Assessment (HVA) of natural and manmade threats that could potentially lead to an IT Outage for your agency. Identify all hazards to which your agency s computer systems are vulnerable. Then rank the vulnerability of your computer systems to the identified hazard. Rank each hazard as either: LOW, MEDIUM or HIGH. (Note: If needed call your agency s IT Department to discuss the threats to your computer systems.) (Example: Hazard: Power Outage / Vulnerability: Medium) Virus - up-to-date anti-virus software patches, firewall in place - medium Power Outage - generators in place in some buildings and data center - medium Fire - alternate data center holds offsite backups - low Tornado - could damage data center, data network and/or specific work locations - low Human error by employees - deletion of data - backups of data daily - medium Hacking - attempt to steal data - firewall, intruder detection - medium Washtenaw County Sheriff s Office Emergency Services Division - Marc Breckenridge

9 Monday IT Outage Minus 2 Days Using your understanding of the various threats to your agency s computer systems prepare a Hazard Vulnerability Assessment (HVA) of natural and manmade threats that could potentially lead to an IT Outage for your agency. Identify all hazards to which your agency s computer systems are vulnerable. Then rank the vulnerability of your computer systems to the identified hazard. Rank each hazard as either: LOW, MEDIUM or HIGH. (Note: If needed call your agency s IT Department to discuss the threats to your computer systems.) (Example: Hazard: Power Outage / Vulnerability: Medium) 1. Convective Weather (high) 2. Hazmat transportation (low) 3. Hazmat Fixed site (medium) 4. Severe winter storms (high) 5. Infrastructure failures (high) 6. Extreme Temperatures (medium) 7. Nuclear attack (low) 8. Structural Fires (medium) 9. Public Health emergencies (medium) 10. Sabotage & Terrorism (medium) 11. Earthquakes (low) 12. Nuclear Plant accidents (low) Washtenaw County Sheriff s Office Emergency Services Division - Kenneth Kelly Monday IT Outage Minus 2 Days Using your understanding of the various threats to your agency s computer systems prepare a Hazard Vulnerability Assessment (HVA) of natural and manmade threats that could potentially lead to an IT Outage for your agency. Identify all hazards to which your agency s computer systems are vulnerable. Then rank the vulnerability of your computer systems to the identified hazard. Rank each hazard as either: LOW, MEDIUM or HIGH. (Note: If needed call your agency s IT Department to discuss the threats to your computer systems.) (Example: Hazard: Power Outage / Vulnerability: Medium)

10 Power outage, high terrorist attack, medium hazardous material, low infrastructure failure, high extreme temps, medium fire, medium public health emergencies, medium nuclear plant incident, low Ann Arbor VA Hospital - Andrew Beauchene Monday IT Outage Minus 2 Days Using your understanding of the various threats to your agency s computer systems prepare a Hazard Vulnerability Assessment (HVA) of natural and manmade threats that could potentially lead to an IT Outage for your agency. Identify all hazards to which your agency s computer systems are vulnerable. Then rank the vulnerability of your computer systems to the identified hazard. Rank each hazard as either: LOW, MEDIUM or HIGH. (Note: If needed call your agency s IT Department to discuss the threats to your computer systems.) (Example: Hazard: Power Outage / Vulnerability: Medium) power outage - high environmental cooling - high VA Ann Arbor Healthcare System - Office of Emergency Management - Christopher Roe Monday IT Outage Minus 2 Days Using your understanding of the various threats to your agency s computer systems prepare a Hazard Vulnerability Assessment (HVA) of natural and man-

11 made threats that could potentially lead to an IT Outage for your agency. Identify all hazards to which your agency s computer systems are vulnerable. Then rank the vulnerability of your computer systems to the identified hazard. Rank each hazard as either: LOW, MEDIUM or HIGH. (Note: If needed call your agency s IT Department to discuss the threats to your computer systems.) (Example: Hazard: Power Outage / Vulnerability: Medium) Power Outage/Vulnerability: Medium HVAC Outage/Vulnerability: High Internal Flood/Vulnerability: Low DDos-Attacks/Vulnerability: Low Veterans Health Administration - National Disaster Medical System - Kenneth Bresnan Monday IT Outage Minus 2 Days Using your understanding of the various threats to your agency s computer systems prepare a Hazard Vulnerability Assessment (HVA) of natural and manmade threats that could potentially lead to an IT Outage for your agency. Identify all hazards to which your agency s computer systems are vulnerable. Then rank the vulnerability of your computer systems to the identified hazard. Rank each hazard as either: LOW, MEDIUM or HIGH. (Note: If needed call your agency s IT Department to discuss the threats to your computer systems.) (Example: Hazard: Power Outage / Vulnerability: Medium) Computer Calamity - # 002 Ann Arbor VA Hospital - Paul Fulton Wednesday 7:51AM Day 1

12 As employees arrive for work they begin to notice their computers appear to be malfunctioning. Some employees reboot their computers thinking that this will fix the problem, however they continue to receive an error message after their system has rebooted. Workplace managers are being contacted by their subordinates asking if they know what the problem is. Describe in detail the immediate actions that your agency s managers will take regarding the current computer problem. call helpdesk University of Michigan Hospital - Carrie Wright Wednesday 7:51AM Day 1 As employees arrive for work they begin to notice their computers appear to be malfunctioning. Some employees reboot their computers thinking that this will fix the problem, however they continue to receive an error message after their system has rebooted. Workplace managers are being contacted by their subordinates asking if they know what the problem is. Describe in detail the immediate actions that your agency s managers will take regarding the current computer problem. MCIT DOC would initiate a Major Incident and page the AOC, OCA, and NDR who would respond and join a conference call to discuss the cause of outage, impact and expected duration. Together a communication plan would be developed and communicated through the appropriate available mechanisms. University of Michigan Hospital - Bruce Cadwallender Wednesday 7:51AM Day 1 As employees arrive for work they begin to notice their computers appear to be malfunctioning. Some employees reboot their computers thinking that this will fix the problem, however they continue to receive an error message after their system has rebooted. Workplace managers are being contacted by their subordinates asking if they

13 know what the problem is. Describe in detail the immediate actions that your agency s managers will take regarding the current computer problem. IT director on call would convene a conference call to discuss implications. IT DOC would include Incident Commander on Call. MiChart downtime procedures would be implemented University of Michigan - Paul Howell Wednesday 7:51AM Day 1 As employees arrive for work they begin to notice their computers appear to be malfunctioning. Some employees reboot their computers thinking that this will fix the problem, however they continue to receive an error message after their system has rebooted. Workplace managers are being contacted by their subordinates asking if they know what the problem is. Describe in detail the immediate actions that your agency s managers will take regarding the current computer problem. Call help desk to report problems. Ask staff to wait for a response from the help desk. Hold staff until a decision is made. University of Michigan - Mike Kennedy Wednesday 7:51AM Day 1 As employees arrive for work they begin to notice their computers appear to be malfunctioning. Some employees reboot their computers thinking that this will fix the problem, however they continue to receive an error message after their system has rebooted. Workplace managers are being contacted by their subordinates asking if they know what the problem is. Describe in detail the immediate actions that your agency s managers will take regarding the current computer problem. Call help desk.

14 Hold employees until further direction. City of Ann Arbor - Information Technology Services Unit - Russell Hanshue Wednesday 7:51AM Day 1 As employees arrive for work they begin to notice their computers appear to be malfunctioning. Some employees reboot their computers thinking that this will fix the problem, however they continue to receive an error message after their system has rebooted. Workplace managers are being contacted by their subordinates asking if they know what the problem is. Describe in detail the immediate actions that your agency s managers will take regarding the current computer problem. A broadcast message via the VoIP system is activated. Phone calls are sent and received by lines of business managers. An all employee notification is sent. Washtenaw County Sheriff s Office Emergency Services Division - Benjamin Pinette Wednesday 7:51AM Day 1 As employees arrive for work they begin to notice their computers appear to be malfunctioning. Some employees reboot their computers thinking that this will fix the problem, however they continue to receive an error message after their system has rebooted. Workplace managers are being contacted by their subordinates asking if they know what the problem is. Describe in detail the immediate actions that your agency s managers will take regarding the current computer problem. 1) Notify IT support 2) Establish backup connectivity via EMnet and Verizon Wireless 3) Escalate to executive level administration and make notification to internal and external partners. Provide alternate communications modes for contact. Washtenaw County Sheriff s Office Emergency Services Division - Kenneth Kelly Wednesday 7:51AM Day 1

15 As employees arrive for work they begin to notice their computers appear to be malfunctioning. Some employees reboot their computers thinking that this will fix the problem, however they continue to receive an error message after their system has rebooted. Workplace managers are being contacted by their subordinates asking if they know what the problem is. Describe in detail the immediate actions that your agency s managers will take regarding the current computer problem. Notify IT support. Establish back up connectivity, EMnet or wireless card Contact outside agencies to alert them of problem, (State police, etc.) Washtenaw County Sheriff s Office Emergency Services Division - Marc Breckenridge Wednesday 7:51AM Day 1 As employees arrive for work they begin to notice their computers appear to be malfunctioning. Some employees reboot their computers thinking that this will fix the problem, however they continue to receive an error message after their system has rebooted. Workplace managers are being contacted by their subordinates asking if they know what the problem is. Describe in detail the immediate actions that your agency s managers will take regarding the current computer problem. 1. Notify IT support 2. Establish backup connectivity (EMnet, wireless card) 3. If IT is unable to resolve issue, escalate to executive level administration 4. Communicate systems failures to internal and external partners, provide alternate communications routes/methods Washtenaw County Treasurer s Office - Judy Fiegel Wednesday 7:51AM Day 1 As employees arrive for work they begin to notice their computers appear to be

16 malfunctioning. Some employees reboot their computers thinking that this will fix the problem, however they continue to receive an error message after their system has rebooted. Workplace managers are being contacted by their subordinates asking if they know what the problem is. Describe in detail the immediate actions that your agency s managers will take regarding the current computer problem. 1. Call help desk to report malfunction giving as many details as possible. 2. Ask employees to stay of computers. 3. IT staff would analyze situation - initiate fix and communicate instructions to staff by posting on employee website, to tech liaisons and department heads and cmsg - last resort call departments on phone, or send it staff out to departments to give updates Michigan State University - Police - Dave Oslund Wednesday 7:51AM Day 1 As employees arrive for work they begin to notice their computers appear to be malfunctioning. Some employees reboot their computers thinking that this will fix the problem, however they continue to receive an error message after their system has rebooted. Workplace managers are being contacted by their subordinates asking if they know what the problem is. Describe in detail the immediate actions that your agency s managers will take regarding the current computer problem. Department IT staff would work on their server to isolate the issue and try to determine the problem depending on intel prior to this event, our Computer Forensics unit might be brought in to track things at this point Other departments on campus would be contacting the University help desk and IT systems staffs to determine the problem. The new University IT VP would start the discussion on standing up their Operations center. Ann Arbor VA Hospital - Andrew Beauchene

17 Wednesday 7:51AM Day 1 As employees arrive for work they begin to notice their computers appear to be malfunctioning. Some employees reboot their computers thinking that this will fix the problem, however they continue to receive an error message after their system has rebooted. Workplace managers are being contacted by their subordinates asking if they know what the problem is. Describe in detail the immediate actions that your agency s managers will take regarding the current computer problem. check virus database for current threats VA Ann Arbor Healthcare System - Office of Emergency Management - Christopher Roe Wednesday 7:51AM Day 1 As employees arrive for work they begin to notice their computers appear to be malfunctioning. Some employees reboot their computers thinking that this will fix the problem, however they continue to receive an error message after their system has rebooted. Workplace managers are being contacted by their subordinates asking if they know what the problem is. Describe in detail the immediate actions that your agency s managers will take regarding the current computer problem. Healthcare providers will notify both Clinical Leadership and IT Leadership that they are switching to paper contingency. Emergency Operations Center will be at a Level II: (Limited) Activation. Standing Bridge conference call number will be dialed into from an analog line, tested, then communicated to all units as a status report conduit. Status report times (typically an initial and hourly thereafter) will be communicated to end users in functional units. VHF Analog radios assigned to all units will be re-tested. Pneumatic tube system will be used to transmit orders manually from patient care units to lab/pharmacy/etc.

18 Veterans Health Administration - National Disaster Medical System - Kenneth Bresnan Wednesday 7:51AM Day 1 As employees arrive for work they begin to notice their computers appear to be malfunctioning. Some employees reboot their computers thinking that this will fix the problem, however they continue to receive an error message after their system has rebooted. Workplace managers are being contacted by their subordinates asking if they know what the problem is. Describe in detail the immediate actions that your agency s managers will take regarding the current computer problem. Contact IRMS help center to verify that they are aware of current problem. Computer Calamity - # 003 Ann Arbor VA Hospital - Paul Fulton Wednesday 8:37AM Day 1 As your agency s workplace managers continue to interface with its IT personnel, your agency's employees are beginning to ask themselves and each other what is going on and what should they be doing. Briefly explain what employees will be told at this point. (Note: At this point the cause of the computer system outage is not known.) all employee stating we are aware of the issue and are working to correct with no ETA on a resolution at the moment University of Michigan Hospital - Carrie Wright Wednesday 8:37AM Day 1 As your agency s workplace managers continue to interface with its IT personnel, your agency's employees are beginning to ask themselves and each other what is going on and what should they be doing.

19 Briefly explain what employees will be told at this point. (Note: At this point the cause of the computer system outage is not known.) An overhead PA announcement would be initiated by Security Dispatch notifying staff of the outage and expected response procedures. University of Michigan - Paul Howell Wednesday 8:37AM Day 1 As your agency s workplace managers continue to interface with its IT personnel, your agency's employees are beginning to ask themselves and each other what is going on and what should they be doing. Briefly explain what employees will be told at this point. (Note: At this point the cause of the computer system outage is not known.) There appears to be a computer problem with unknown causes that is being investigated. Stay tuned for more information. Please use this time wisely to continue to work as best you can. Ask for any time critical business processes that may be impacted. University of Michigan - Mike Kennedy Wednesday 8:37AM Day 1 As your agency s workplace managers continue to interface with its IT personnel, your agency's employees are beginning to ask themselves and each other what is going on and what should they be doing. Briefly explain what employees will be told at this point. (Note: At this point the cause of the computer system outage is not known.) Send general statement. Use telephones and radio system for information. Coordinate with HR on staff direction. Identify time sensitive IT processes. City of Ann Arbor - Information Technology Services Unit - Russell Hanshue Wednesday 8:37AM Day 1 As your agency s workplace managers continue to interface with its IT

20 personnel, your agency's employees are beginning to ask themselves and each other what is going on and what should they be doing. Briefly explain what employees will be told at this point. (Note: At this point the cause of the computer system outage is not known.) Root cause of computer system is not known. Notification will be provided through the City's VoIP phone system and also an notification (if available). University of Michigan Hospital - Bruce Cadwallender Wednesday 8:37AM Day 1 As your agency s workplace managers continue to interface with its IT personnel, your agency's employees are beginning to ask themselves and each other what is going on and what should they be doing. Briefly explain what employees will be told at this point. (Note: At this point the cause of the computer system outage is not known.) We are experiencing an IT outage. All areas should implement downtime procedures and applicable aspects of continuity of operations plans. Contact the Hospital Command Center at to report critical problems Washtenaw County Sheriff s Office Emergency Services Division - Kenneth Kelly Wednesday 8:37AM Day 1 As your agency s workplace managers continue to interface with its IT personnel, your agency's employees are beginning to ask themselves and each other what is going on and what should they be doing. Briefly explain what employees will be told at this point. (Note: At this point the cause of the computer system outage is not known.) Employees will be told whatever information is known at this time. A conference call with department heads will be established. Washtenaw County Sheriff s Office Emergency Services Division - Benjamin Pinette

21 Wednesday 8:37AM Day 1 As your agency s workplace managers continue to interface with its IT personnel, your agency's employees are beginning to ask themselves and each other what is going on and what should they be doing. Briefly explain what employees will be told at this point. (Note: At this point the cause of the computer system outage is not known.) There is an IT failure which is impacting the entire organization. Backup communication links have been established. Re-train on those methods as necessary. Conference Call with other impacted Departments, ask them to pass information along to other employees and customers. Washtenaw County Sheriff s Office Emergency Services Division - Marc Breckenridge Wednesday 8:37AM Day 1 As your agency s workplace managers continue to interface with its IT personnel, your agency's employees are beginning to ask themselves and each other what is going on and what should they be doing. Briefly explain what employees will be told at this point. (Note: At this point the cause of the computer system outage is not known.) Tell them the truth. Conference call with the supervisors and managers to provide information and asking them to pass information along to employees and customers. Washtenaw County Treasurer s Office - Judy Fiegel Wednesday 8:37AM Day 1 As your agency s workplace managers continue to interface with its IT personnel, your agency's employees are beginning to ask themselves and each other what is going on and what should they be doing. Briefly explain what employees will be told at this point. (Note: At this point the cause of the computer system outage is not known.) 1. IT would communicate periodically what they do know at this point, through

22 website, and phones - giving an indication as to what may be wrong and when it may be fixed. IT would give specific instructions for departments if needed Michigan State University - Police - Dave Oslund Wednesday 8:37AM Day 1 As your agency s workplace managers continue to interface with its IT personnel, your agency's employees are beginning to ask themselves and each other what is going on and what should they be doing. Briefly explain what employees will be told at this point. (Note: At this point the cause of the computer system outage is not known.) At this point there would not be a consistent message each department around campus would probably be giving information out at the unit level and the message would be different dependent on the managers contacting the University IT department. Ann Arbor VA Hospital - Andrew Beauchene Wednesday 8:37AM Day 1 As your agency s workplace managers continue to interface with its IT personnel, your agency's employees are beginning to ask themselves and each other what is going on and what should they be doing. Briefly explain what employees will be told at this point. (Note: At this point the cause of the computer system outage is not known.) work from computer outage contingency plan VA Ann Arbor Healthcare System - Office of Emergency Management - Christopher Roe Wednesday 8:37AM Day 1 As your agency s workplace managers continue to interface with its IT personnel, your agency's employees are beginning to ask themselves and each other what is going on and what should they be doing.

23 Briefly explain what employees will be told at this point. (Note: At this point the cause of the computer system outage is not known.) As mentioned in previous submission, employees would have switched to paper contingency plan by this point. (Very realistic for an inpatient healthcare environment.) Veterans Health Administration - National Disaster Medical System - Kenneth Bresnan Wednesday 8:37AM Day 1 As your agency s workplace managers continue to interface with its IT personnel, your agency's employees are beginning to ask themselves and each other what is going on and what should they be doing. Briefly explain what employees will be told at this point. (Note: At this point the cause of the computer system outage is not known.) That there exists and IT outage and it is anticipated to persist for hours duration. Computer Calamity - # 005 City of Ann Arbor - Information Technology Services Unit - Russell Hanshue Does your agency have a current written Continuity of Operations Plan (COOP)? (Note: For future reference you may want to access the Just In Time Disaster Training Library for additional information on Continuity of Operations Planning. These videos are too long to view during today s exercise. Continuity of Operations Plan) OPTIONAL Yes If the above answer is no. Briefly explain why your agency does not have a COOP. If the above answer is yes. Does your agency s COOP contain an IT / Computer Systems component or annex?

24 If the above answer is yes. Briefly describe the components of your agency s COOP that focus on an IT / Computer Systems outage. University of Michigan Hospital - Bruce Cadwallender Does your agency have a current written Continuity of Operations Plan (COOP)? (Note: For future reference you may want to access the Just In Time Disaster Training Library for additional information on Continuity of Operations Planning. These videos are too long to view during today s exercise. Continuity of Operations Plan) OPTIONAL Yes If the above answer is no. Briefly explain why your agency does not have a COOP. If the above answer is yes. Does your agency s COOP contain an IT / Computer Systems component or annex? Yes If the above answer is yes. Briefly describe the components of your agency s COOP that focus on an IT / Computer Systems outage. IT downtime procedures have been developed for Electronic Medical Record system and certain other critical systems. Medical Center Information Technology engages with our Incident Management Team and our on call Office of Clinical Affairs physician lead to manage such events. University of Michigan - Paul Howell Does your agency have a current written Continuity of Operations Plan (COOP)? (Note: For future reference you may want to access the Just In Time Disaster Training Library for additional information on Continuity of Operations Planning. These videos are too long to view during today s exercise. Continuity of Operations Plan) OPTIONAL No

25 If the above answer is no. Briefly explain why your agency does not have a COOP. Not overall but by unit within our organization, COOPs exist as necessary. If the above answer is yes. Does your agency s COOP contain an IT / Computer Systems component or annex? If the above answer is yes. Briefly describe the components of your agency s COOP that focus on an IT / Computer Systems outage. University of Michigan - Mike Kennedy Does your agency have a current written Continuity of Operations Plan (COOP)? (Note: For future reference you may want to access the Just In Time Disaster Training Library for additional information on Continuity of Operations Planning. These videos are too long to view during today s exercise. Continuity of Operations Plan) OPTIONAL Yes If the above answer is no. Briefly explain why your agency does not have a COOP. If the above answer is yes. Does your agency s COOP contain an IT / Computer Systems component or annex? Yes If the above answer is yes. Briefly describe the components of your agency s COOP that focus on an IT / Computer Systems outage. Michigan State University - Police - Dave Oslund Does your agency have a current written Continuity of Operations Plan (COOP)? (Note: For future reference you may want to access the Just In Time Disaster Training Library for additional information on Continuity of Operations Planning.

26 Yes These videos are too long to view during today s exercise. Continuity of Operations Plan) OPTIONAL If the above answer is no. Briefly explain why your agency does not have a COOP. If the above answer is yes. Does your agency s COOP contain an IT / Computer Systems component or annex? Yes If the above answer is yes. Briefly describe the components of your agency s COOP that focus on an IT / Computer Systems outage. New IT services system and department Ann Arbor VA Hospital - Paul Fulton Does your agency have a current written Continuity of Operations Plan (COOP)? (Note: For future reference you may want to access the Just In Time Disaster Training Library for additional information on Continuity of Operations Planning. These videos are too long to view during today s exercise. Continuity of Operations Plan) OPTIONAL Yes If the above answer is no. Briefly explain why your agency does not have a COOP. If the above answer is yes. Does your agency s COOP contain an IT / Computer Systems component or annex? Yes If the above answer is yes. Briefly describe the components of your agency s COOP that focus on an IT / Computer Systems outage. needs to be revisited due to new systems and updates Washtenaw County Sheriff s Office Emergency Services Division - Marc Breckenridge

27 Does your agency have a current written Continuity of Operations Plan (COOP)? (Note: For future reference you may want to access the Just In Time Disaster Training Library for additional information on Continuity of Operations Planning. These videos are too long to view during today s exercise. Continuity of Operations Plan) OPTIONAL Yes If the above answer is no. Briefly explain why your agency does not have a COOP. If the above answer is yes. Does your agency s COOP contain an IT / Computer Systems component or annex? Yes If the above answer is yes. Briefly describe the components of your agency s COOP that focus on an IT / Computer Systems outage. Business Continuity Plan, updated by Information and Infrastructure Services University of Michigan Hospital - Carrie Wright Does your agency have a current written Continuity of Operations Plan (COOP)? (Note: For future reference you may want to access the Just In Time Disaster Training Library for additional information on Continuity of Operations Planning. These videos are too long to view during today s exercise. Continuity of Operations Plan) OPTIONAL Yes If the above answer is no. Briefly explain why your agency does not have a COOP. Each department has a COOP, but not one plan for the institution. If the above answer is yes. Does your agency s COOP contain an IT / Computer Systems component or annex? Yes If the above answer is yes. Briefly describe the components of your agency s COOP that focus on an IT / Computer Systems outage.

28 MCIT has a department COOP outlining critical functions and responsibilities. Washtenaw County Sheriff s Office Emergency Services Division - Kenneth Kelly Does your agency have a current written Continuity of Operations Plan (COOP)? (Note: For future reference you may want to access the Just In Time Disaster Training Library for additional information on Continuity of Operations Planning. These videos are too long to view during today s exercise. Continuity of Operations Plan) OPTIONAL Yes If the above answer is no. Briefly explain why your agency does not have a COOP. If the above answer is yes. Does your agency s COOP contain an IT / Computer Systems component or annex? Yes If the above answer is yes. Briefly describe the components of your agency s COOP that focus on an IT / Computer Systems outage. Washtenaw County Treasurer s Office - Judy Fiegel Does your agency have a current written Continuity of Operations Plan (COOP)? (Note: For future reference you may want to access the Just In Time Disaster Training Library for additional information on Continuity of Operations Planning. These videos are too long to view during today s exercise. Continuity of Operations Plan) OPTIONAL Yes If the above answer is no. Briefly explain why your agency does not have a COOP. But needs updating If the above answer is yes. Does your agency s COOP contain an IT / Computer Systems component or annex?

29 Yes If the above answer is yes. Briefly describe the components of your agency s COOP that focus on an IT / Computer Systems outage. Alternative data center, offsite storage of payroll data, offsite storage of data backups VA Ann Arbor Healthcare System - Office of Emergency Management - Christopher Roe Does your agency have a current written Continuity of Operations Plan (COOP)? (Note: For future reference you may want to access the Just In Time Disaster Training Library for additional information on Continuity of Operations Planning. These videos are too long to view during today s exercise. Continuity of Operations Plan) OPTIONAL Yes If the above answer is no. Briefly explain why your agency does not have a COOP. If the above answer is yes. Does your agency s COOP contain an IT / Computer Systems component or annex? Yes If the above answer is yes. Briefly describe the components of your agency s COOP that focus on an IT / Computer Systems outage. The COOP for our agency involves remote mirroring of server data at two different sites, an ability for employees to telework remotely, and "COOP kits" which are physically deployed on all inpatient units which contain paper hardcopies of critical contact lists, patient record forms, (blank), radio channel assignments, and flashlights. Washtenaw County Sheriff s Office Emergency Services Division - Benjamin Pinette Does your agency have a current written Continuity of Operations Plan (COOP)? (Note: For future reference you may want to access the Just In Time Disaster Training Library for additional information on Continuity of Operations Planning.

30 Yes These videos are too long to view during today s exercise. Continuity of Operations Plan) OPTIONAL If the above answer is no. Briefly explain why your agency does not have a COOP. If the above answer is yes. Does your agency s COOP contain an IT / Computer Systems component or annex? Yes If the above answer is yes. Briefly describe the components of your agency s COOP that focus on an IT / Computer Systems outage. Ann Arbor VA Hospital - Andrew Beauchene Does your agency have a current written Continuity of Operations Plan (COOP)? (Note: For future reference you may want to access the Just In Time Disaster Training Library for additional information on Continuity of Operations Planning. These videos are too long to view during today s exercise. Continuity of Operations Plan) OPTIONAL Yes If the above answer is no. Briefly explain why your agency does not have a COOP. If the above answer is yes. Does your agency s COOP contain an IT / Computer Systems component or annex? Yes If the above answer is yes. Briefly describe the components of your agency s COOP that focus on an IT / Computer Systems outage. Computer Calamity - # 006

31 Michigan State University - Police - Dave Oslund If your agency has a COOP does it test the plans and procedures contained in the document via tabletop or functional exercises? Yes If the above answer is yes. Briefly describe what components of the COOP were tested during your agency s most recent exercise. We have a table top in the next 6 months. If the above answer is no. Briefly explain why this important set of plans and procedures is not exercised on an on-going basis. If your agency does not have a COOP briefly explain how it assesses its ability to remain operational in the event of a disaster. Ann Arbor VA Hospital - Paul Fulton If your agency has a COOP does it test the plans and procedures contained in the document via tabletop or functional exercises? No If the above answer is yes. Briefly describe what components of the COOP were tested during your agency s most recent exercise. If the above answer is no. Briefly explain why this important set of plans and procedures is not exercised on an on-going basis. too much day to day operations and it is low on the priority scale If your agency does not have a COOP briefly explain how it assesses its ability to remain operational in the event of a disaster. unknown University of Michigan - Paul Howell If your agency has a COOP does it test the plans and procedures contained in the document via tabletop or functional exercises? No

32 If the above answer is yes. Briefly describe what components of the COOP were tested during your agency s most recent exercise. If the above answer is no. Briefly explain why this important set of plans and procedures is not exercised on an on-going basis. Too decentralized of an environment to coordinate unit COOPs. Culture gets in the way. If your agency does not have a COOP briefly explain how it assesses its ability to remain operational in the event of a disaster. University of Michigan Hospital - Bruce Cadwallender If your agency has a COOP does it test the plans and procedures contained in the document via tabletop or functional exercises? Yes If the above answer is yes. Briefly describe what components of the COOP were tested during your agency s most recent exercise. Access to supplies available within the Strategic National Stockpile If the above answer is no. Briefly explain why this important set of plans and procedures is not exercised on an on-going basis. If your agency does not have a COOP briefly explain how it assesses its ability to remain operational in the event of a disaster. Washtenaw County Sheriff s Office Emergency Services Division - Kenneth Kelly If your agency has a COOP does it test the plans and procedures contained in the document via tabletop or functional exercises? No If the above answer is yes. Briefly describe what components of the COOP were tested during your agency s most recent exercise.

33 If the above answer is no. Briefly explain why this important set of plans and procedures is not exercised on an on-going basis. It is being tested today If your agency does not have a COOP briefly explain how it assesses its ability to remain operational in the event of a disaster. University of Michigan - Mike Kennedy If your agency has a COOP does it test the plans and procedures contained in the document via tabletop or functional exercises? No If the above answer is yes. Briefly describe what components of the COOP were tested during your agency s most recent exercise. Critical processes within Plant Operations and Medical School. If the above answer is no. Briefly explain why this important set of plans and procedures is not exercised on an on-going basis. Decentralization If your agency does not have a COOP briefly explain how it assesses its ability to remain operational in the event of a disaster. Units have individual COOPs. Washtenaw County Sheriff s Office Emergency Services Division - Marc Breckenridge If your agency has a COOP does it test the plans and procedures contained in the document via tabletop or functional exercises? No If the above answer is yes. Briefly describe what components of the COOP were tested during your agency s most recent exercise. If the above answer is no. Briefly explain why this important set of plans and procedures is not exercised on an on-going basis. Why do you think we are here today.

34 If your agency does not have a COOP briefly explain how it assesses its ability to remain operational in the event of a disaster. Must refer to Andy from Infrastructure and Information (2 seats down) University of Michigan Hospital - Carrie Wright If your agency has a COOP does it test the plans and procedures contained in the document via tabletop or functional exercises? Yes If the above answer is yes. Briefly describe what components of the COOP were tested during your agency s most recent exercise. MiSNS functional exercise in June 2013 and Radiation/HazMat functional exercise in October If the above answer is no. Briefly explain why this important set of plans and procedures is not exercised on an on-going basis. If your agency does not have a COOP briefly explain how it assesses its ability to remain operational in the event of a disaster. Washtenaw County Sheriff s Office Emergency Services Division - Benjamin Pinette If your agency has a COOP does it test the plans and procedures contained in the document via tabletop or functional exercises? No If the above answer is yes. Briefly describe what components of the COOP were tested during your agency s most recent exercise. If the above answer is no. Briefly explain why this important set of plans and procedures is not exercised on an on-going basis. This exercise is a starting point for us to move forward If your agency does not have a COOP briefly explain how it assesses its ability to remain operational in the event of a disaster.

35 City of Ann Arbor - Information Technology Services Unit - Russell Hanshue If your agency has a COOP does it test the plans and procedures contained in the document via tabletop or functional exercises? Yes If the above answer is yes. Briefly describe what components of the COOP were tested during your agency s most recent exercise. If the above answer is no. Briefly explain why this important set of plans and procedures is not exercised on an on-going basis. If your agency does not have a COOP briefly explain how it assesses its ability to remain operational in the event of a disaster. Washtenaw County Treasurer s Office - Judy Fiegel If your agency has a COOP does it test the plans and procedures contained in the document via tabletop or functional exercises? No If the above answer is yes. Briefly describe what components of the COOP were tested during your agency s most recent exercise. If the above answer is no. Briefly explain why this important set of plans and procedures is not exercised on an on-going basis. Lack of staff and time, commitment by departments, some departments do not need to be accredited or certified by outside agencies for funding. If your agency does not have a COOP briefly explain how it assesses its ability to remain operational in the event of a disaster. Ongoing experiences with minor catastrophes improve our preparedness for future events VA Ann Arbor Healthcare System - Office of Emergency Management - Christopher Roe If your agency has a COOP does it test the plans and procedures contained in

36 Yes the document via tabletop or functional exercises? If the above answer is yes. Briefly describe what components of the COOP were tested during your agency s most recent exercise. We use planned outages (for upgrades and/or server maintenance) as opportunities to exercise our COOP plans. (We document routine outages as drills.) Most recently, we tested the switch to paper contingency, interoperable communications, and recovery. If the above answer is no. Briefly explain why this important set of plans and procedures is not exercised on an on-going basis. If your agency does not have a COOP briefly explain how it assesses its ability to remain operational in the event of a disaster. Ann Arbor VA Hospital - Andrew Beauchene If your agency has a COOP does it test the plans and procedures contained in the document via tabletop or functional exercises? Yes If the above answer is yes. Briefly describe what components of the COOP were tested during your agency s most recent exercise. If the above answer is no. Briefly explain why this important set of plans and procedures is not exercised on an on-going basis.. If your agency does not have a COOP briefly explain how it assesses its ability to remain operational in the event of a disaster. Computer Calamity - # 007