"I just got my hard copy of the Journal and the article in there on Industrial Control Systems cyber risk is excellent! Well done throughout, you are to be commended for setting the bar at such a high professional level in the inaugural issue."
Volume 18 (2024-25)
Each volume of Journal of Business Continuity & Emergency Planning consists of four 100-page issues both in print and online. Articles currently published in the volume are:
Volume 18 Number 2
-
Editorial
Lyndon Bird, Editor -
Practice Papers
The role of artificial intelligence in disaster recovery
Linda S. Hanwacker, President, CEO and Founder, The LSH Group
In an era marked by the increasing frequency of major natural and manmade disasters, the imperative for effective disaster recovery planning and response has never been more pronounced. As communities grapple with the aftermath of hurricanes, earthquakes, wildfires, pandemics and other crises and emergencies, the integration of innovation technologies has emerged as a beacon of hope for more resilient and efficient recovery efforts. Standing at the forefront of this technological revolution is artificial intelligence (AI) — a transformative force with the potential to revolutionise every facet of disaster recovery. While the benefits are substantial, challenges in AI implementation are evident. These challenges underscore the need for continuous research and development efforts to unlock the full spectrum of AI’s potential benefits. The journey toward harnessing AI in disaster recovery is dynamic, requiring ongoing innovation to overcome existing limitations. Navigating the evolving systems of AI in disaster recovery planning, the amalgamation of benefits, challenges and ongoing evolution underscores the pivotal role that AI plays in shaping the future of resilient disaster response. This paper identifies where AI can play the most significant positive role for disaster recovery.
Keywords: disaster recovery; disaster recovery management; disaster recovery planning; disaster recovery strategies; disaster recovery scenarios; artificial intelligence; technology; online tools; surveillance; AI risk -
The barriers to establishing animal disaster response policies in communities and the effects of not having response networks in place
Cheryl Rogers, National Coordinator, Canadian Disaster Animal Response Team and Theresa Laviolette, Writer and Editor
As climate change exacerbates disasters around the world every year, millions more animals are negatively affected. There is increasing awareness of the importance of the human–animal bond to people’s emotional well-being, along with studies on the traumatic effects on those who lose their animals, both companion animals and livestock, because of disasters. Despite this, however, changes in disaster management to include animal disaster response plans are not being reflected in many communities, and barriers to establishing these protocols remain. This paper addresses the ongoing trauma that can result from losing animals during disasters, outlines barriers that prevent widespread adoption of animal disaster response plans, and offers some suggestions and solutions.
Keywords: animals and disasters and emergencies; human–animal bond; disaster stress; barriers to animal disaster planning -
Case Studies
A song of water and fire: Key lessons from Hurricane Fiona and Nova Scotia wildfires
Emad Aziz, Manager of Business Continuity, Province of Nova Scotia
The Province of Nova Scotia has a broad range of responsibilities during provincial emergencies. Hurricane Fiona had significant impacts on citizens and government services for a considerable time due to widespread telecommunication and power outages. The spring wildfires caused widespread destruction, presented coordination and logistical problems, and resulted in mental health impacts for affected communities and responders. This paper describes the challenges faced by provincial emergency management and business continuity response teams: 1) mental health matters — the next evolution in business continuity requires building confidence in people executing the plan under stressful and uncertain conditions for extended periods; 2) senior leadership support is vital to balance business continuity priorities with ongoing operational business demands; and 3) the best plans are as effective as the relationships that make them work. The importance and value of individual and team relationships during planning, preparedness and response, therefore, cannot be underestimated.
Keywords: hurricane; wildfires; business continuity; emergency management; telecommunications failure; incident command system; mental health -
Rapid disposition, emergency department flow and best practices in hospital mass casualty incident response
Laura Harwood Jackson, Senior Manager, Office of Emergency Management, Stanford Health Care and M. Meredith Masters, Clinical Assistant Professor, Department of Emergency Medicine, Stanford University School of Medicine
This paper examines how Stanford Hospital, a Level I trauma centre serving the metropolitan region of California’s Bay Area, manages an acute surge of patients from a mass casualty incident, specifically within the context of the crowded and overburdened US emergency medicine system. The authors offer practical considerations for the rapid creation of space and bandwidth during an acute surge of injured patients as well as best practices for reorganising daily systems to care for those patients efficiently. The study also discusses how past mass casualty incidents were examined for lessons learned in order to build and refine the response plan at Stanford Hospital, with input from a multidisciplinary committee.
Keywords: mass casualty incident (MCI); rapid disposition; healthcare emergency management; disaster medicine -
Manitoba’s provincial diagnostic and surgical recovery task force: Structure, processes and outcomes
David Matear, Formerly Provincial Executive Director, Diagnostic and Surgical Recovery Task Force, Government of Manitoba
This paper describes how the Government of Manitoba employed a task force to support the recovery of diagnostic and surgical services from the impact of COVID-19 from December 2021 to December 2023. The paper describes how the system evolved during this period to optimise the efficiency and effectiveness of recovery efforts. The paper supports a more comprehensive implementation of the incident command system (ICS) to manage recovery effectively, with specific reference to the recovery of diagnostic and surgical services. The implementation of ICS and robust structure and processes led to the elimination of 83 per cent of the pandemic backlog and achievement of wait time targets for 26 per cent of services lines in ‘expanded scope’, with 83 per cent of service lines trending positively towards the target. ICS structured task forces may be an important tool in addressing specific challenges within a healthcare system.
Keywords: emergency preparedness; recovery management; healthcare; hospital; incident command system; healthcare task force -
Research Paper
Knowledge production as an enabler to effective organisational resilience
Mike Blyth, Chief Executive Officer, Sigma7 University, et al.
Organisational resilience depends on knowledge-driven standards and practices that enable risk owners to identify, evaluate, manage and react to complex, dynamic and interconnected threats. It is knowledge that determines the level of sophistication and effectiveness of an organisation’s resilience strategy. This knowledge rests with those whose role is focused on security, who support security as an ancillary function, or who lead in specific technical risk areas. The establishment of consistent, credible, accredited and recognised knowledge production allows individuals and their employers to establish a competency framework that shapes the development and exercising of focused and relevant knowledge, and that critically allows the effectiveness of knowledge application to be measured. The process of knowledge production can be opportunistic or structured, enabling either transformative or incremental change. Learning can bring together professionals from markedly different career start-points to enable the process of career convergence where strengths, weaknesses and gaps in capacity are identified and addressed to create an effective and rounded security professional. This paper explores the concept of the security professional, how knowledge is created, the value of training, the importance of credible knowledge resources, how change can be affected, and the need for a formally recognised competency framework to shape professional development pathways within the security community.
Keywords: knowledge; education; resilience; crisis; training; exercising; professional; security; practitioner; competency framework; knowledge; risk
Volume 18 Number 1
-
Editorial
Lyndon Bird, Editor -
Practice Papers
An apolitical risk assessment of the 2024 US elections: The threat of widespread riots and significant business disruption
Mike Blyth, Chief Executive Officer, Sigma7, et al.
Civil disorder has always plagued humanity, with violence being triggered by real or perceived grievances, rumours and speculation, and internal or external agitators. The risk to people, communities, businesses and the rule of law is not isolated to a particular country or society. The propensity for violence and how it is incited is, however, an evolving threat with the advent of the ‘modern riot’. The causes of violence centre on economic and social injustice, sports- and event-related riots, a reaction to police or security forces and political unrest. As the US nears the contentious 2024 elections, the failing trust in the three branches of government combined with external global tensions and conflict, threats from domestic extremist groups, a rising acceptance of violence as a means of settling political disagreements, hostile nation actors and international terror groups that exploit societal instability create fertile conditions for widespread violence. Exacerbating these factors are the risks from artificial intelligence (AI) deepfake, rapid mass communications, the citizen journalist, prominent influencers amplifying grievances and inflammatory media reporting. This convergence of exacerbators and accelerants for political discord offers the potential for serious security risks and significant business disruption.
Keywords: 2024 elections; deepfake; AI; riots; civil disorder; flashpoints; social unrest -
Building capability and community through cyber-incident response exercises
Matthew Ricks, Senior Director, IT Facilities Infrastructure & Resilience, Stanford University
While a natural disaster or related threat may impact an organisation at some point, it is more likely (even inevitable) that it will be the victim of a cyber attack. The solution to being better prepared for these imminent attacks is to undertake more lightweight and frequent incident response (IR) exercises to help build capabilities and community through a tighter, recurring cycle of planning, conducting and assessing. To boost the facilitation of IR exercises, organisations must leverage the established relationships between business continuity management (BCM) or resilience staff (both of which are familiar with business continuity and disaster recovery exercises), and their information security office. As BCM will ultimately be involved in response and recovery after a cyber attack, it is intuitively more effective to collaborate with BCM in advance. Indeed, it has been substantiated that BCM engagement improves incident response time and reduces incident response costs. This paper concludes that involving BCM or resilience departments in IR exercises contributes to more effective responses to actual incidents.
Keywords: cyber security; information security; business continuity management; resilience; incident response; exercises -
Redefining cyber resilience: Through the risk register lens
Ria Thomas, Senior Vice President and Head of Cyber Organizational Resilience, Truist
Resilience is deeper than maintaining a company’s operations and services in the face of significant disruptions. It is the ability of a business to withstand, pivot and continue to grow in the face of a significant threat. To achieve resilience, companies must have an integrated, end-to-end understanding of how a specific threat magnifies the risks identified on their risk register, and what measures are needed across the enterprise to address the amplification of those risks. This paper details how the need for a holistic approach is especially important for cyber crises, compared with other types of crises, because they tend to have more broad-ranging impacts and complexities, such as: unclear timelines, lack of public empathy, unpredictable human threat actor(s), as well as a broader set of internal and external stakeholders that need to be engaged. Unlike other crises, cyber crises have the potential to magnify most — if not all — of the risks on the risk register. As such, cyber resilience requires ensuring that key stakeholders, whether shareholders, customers, regulators, business partners, employees, etc, stay resolute in their faith in a company and its leadership’s ability to navigate the increasingly complex issues related to cyber risks and how these issues are addressed enterprise-wide, not purely seen through the lens of technical or operational resilience. To achieve cyber resilience, organisations must develop and implement programmes that integrate both the technical and the broader business measures needed to limit fallout, demonstrate leadership through cyber crises, and deepen trust regardless of the potential severity of the impact.
Keywords: enterprise resilience; cyber resilience; risk register; operational resilience; financial risks; incident response; cyber crisis; preparedness -
Case Studies
Electronic health record downtime responses: One health system’s process for ongoing readiness
Julie Bulson, Director Business Assurance and Sean Brower, Operational Readiness Specialist, Corewell Health
Since the implementation of the HITECH Act 2009, the integration of the electronic health record (EHR) with other technology platforms has increased the complexity and necessity of technology downtimes, and the continuity of patient care has become increasingly dependent on an intact EHR. To maintain business continuity and safe patient care during planned or unplanned EHR downtime, it is imperative that organisations have solid downtime and disaster recovery plans. Successful downtime planning will include documenting, with annual reviews, the process for patient care during downtime, as well as an exercise programme that touches all aspects of the downtime process. This paper discusses the experience of a healthcare system based in the US Midwest, which has chosen to exercise part of that process on a quarterly basis, prior to scheduled EHR upgrades. Over the past year of exercises, this healthcare system has collected various data elements in order to identify the education needed and the fine-tuning of the exercise design required to ensure staff competency and patient safety during EHR downtime. The paper describes the process, outcome and the steps the organisation is taking to improve the outcomes of future EHR downtimes.
Keywords: healthcare; patient; electronic record; electronic health record; EHR; disaster; downtime; informatics; drill; exercise -
Water, water, everywhere and not a drop to drink: Responding to water disruptions in two coastal healthcare facilities
Kelsey Alexander, Health Emergency Management Specialist, Maddy Laberge, Manager and Norman Kotze, Health Emergency Management Specialist, Health Emergency Management British Columbia
Having a consistent and readily available clean water supply is essential, not only for convenience but also to safeguard public health. While disruptions to the supply of clean water can impact communities of all kinds, some infrastructures and healthcare facilities are more vulnerable than others, such as those located in remote areas or within First Nations communities. This paper presents a case study of water disruption events within Sechelt and the First Nations community of Bella Bella, describing also the associated response efforts and lessons learned. Both events shared similar response activities, requiring the curtailing of normal water usage, the establishment of emergency operations centres, the sourcing of resources via supply chain or transportation partners, implementation of infection prevention and public health considerations, and collaboration with internal and external agencies. The learnings highlight a need for greater focus on building resiliency within healthcare facilities, especially those that serve remote or First Nations communities. The study also presents recommendations for water disruption response planning at the site and community level, and the establishment of non-centralised backup water systems.
Keywords: water security; healthcare facilities; emergency preparedness; public health; resource allocation; community collaboration -
Research Paper
Continuity of an essential service during the COVID-19 pandemic: A systematic review and meta-analysis of vaccine perceptions and hesitancy in the emergency medical services profession
Randy D. Kearns, Associate Professor of Healthcare Management and Disaster Management, University of New Orleans, Ginny R. Kaplan, Assistant Professor of Health Care Administration and Advanced Paramedicine, Methodist University and Michael W. Hubble, Assistant Professor, Wake Technical Community College
During and subsequent to a natural disaster, there is an expectation that certain elements of society will continue to operate with a degree of normalcy. For example, it is expected that emergency medical services will continue to function and remain reliable for the community served. Expectations such as these are based on the presumed reliability of government and the assumption that those responsible for the relevant infrastructure will have made plans to ensure it remains functional and taken steps to mitigate known weaknesses. The COVID-19 pandemic provides a case in point. Specifically, data captured during the pandemic are now the subject of ongoing review and analysis, and the findings from such studies are being used to inform planning and preparedness for the next public health disaster. This particular study was conducted in response to circumstantial evidence indicating that frontline workers in the healthcare profession may share some of the same ambivalence towards transmission mitigation as seen in the general population when confronted with new and emerging communicable diseases. This is a concern, as when medical personnel are either unable or unwilling to take reasonable steps to protect themselves and their patients, it undermines the readiness of the essential service. To explore this situation in greater depth, the study examines the real-time responses from a sample of frontline personnel interviewed during the pandemic. The results indicate that there are a number of opportunities to improve workforce readiness to assure reliable continuity during the next outbreak, epidemic or pandemic.
Keywords: COVID-19; emergency medical service; mental health; vaccination; vaccine hesitancy; disaster planning; EMS; vaccine; vaccinations; COVID19; SARS-CoV2