Continuity of Operations Strategies: Collaborate Without Disruption

Continuity of Operations Strategies: Collaborate Without Disruption

Part One: Secure, Resilient Collaboration

Inter-agency collaboration has an Achilles' heel. The vulnerability is revealed when an employee is depending on another agency's application and it suddenly disappears, or when a response team scrambles to establish an emergency voice and video conference with leaders, managers, and decision-makers in far-flung national global offices, all using different communications systems. To realize the promise of collaboration, federal agencies need to approach it in a way that achieves continuity of operations (COOP) programs while avoiding the perils of more potential points of failure.

While collaboration unquestionably supports government transformation by helping agencies deliver services more effectively and efficiently, it simultaneously introduces new technology concerns related to resilience. That is, a disruption to one agency's network, applications, communications, or workforce must not disrupt the operations of that agency or its partners. Therefore, the aim is not collaboration per se, but rather secure, resilient collaboration. The intent is the "ability to communicate with COOP personnel, other agency employees, leadership, and other agency elements, to include bureaus, regions, and field offices."*

How successful are COOP efforts to date for secure, resilient collaboration? The news is mixed. On one hand, government agencies are taking COOP collaboration requirements seriously. According to a Larstan Business Reports survey of 533 government IT professionals, 69% of civilian, 75% of military non-combatant, and 82% of intelligence/military organizations state that they are involved in a collaborative project with multiple agencies.

(Note: In the Larstan survey charts, blue denotes civilian respondents; red, intelligence/military combatant; yellow, military/non-combatant.)

Furthermore, an impressive 95% of respondents consider the resiliency of their collaborative initiative at least somewhat important.

With such clear consensus on the importance of resiliency for collaborative efforts, widespread COOP implementations would be expected. And yet, 34% of civilian agencies disagree or strongly disagree that they have implemented a COOP plan. What's more, only intelligence/military combatant organizations believe that 50% or more of the agencies with which they collaborate have a COOP program planned.

This disparity is perplexing on two counts. First, why haven't all organizations complied with COOP mandates? Second, why is there a gap between the percent of agencies reporting that they have implemented COOP programs and the percent that believe their collaborating partners have done so? An agency with a commitment to collaboration would be keenly aware of whether its communications with other agencies were resilient and satisfied COOP objectives. The obvious conclusion is that government IT professionals do not yet view COOP within the context of crossagency collaboration. This is a serious oversight: a COOP plan that ignores an agency's interaction with partner agencies is myopic and, ultimately, in jeopardy.

To bridge the gap between recognizing the importance of COOP and acting on it, agencies need better integration and closer collaboration with their partner agencies. The solution, already proven in public sector and private sector organizations, is secure, intelligent, standards-based IP networks that allow communications and information-sharing across and within agencies.

This paper explains the keystones of secure, resilient collaboration as part of a COOP plan and summarizes proven network technology solutions for federal government agencies.

Drivers for Secure, Resilient Collaboration in Federal Government
"The attacks on 9/11 demonstrated that even the most robust emergency response capabilities can be overwhelmed if an attack is large enough. Teamwork, collaboration and cooperation at an incident site are critical to successful response."- The 9/11 Commission Report

The World Trade Center basement bombing in 1993 galvanized the federal government to focus on COOP. Today, related mandates include Federal Executive Branch COOP, Enduring Constitutional Government (ECG), Continuity of Government Operations (CGO), and Defense Continuity Program (DCP). The most explicit prescription for resilience appears in FPC 65:

• Alternate facilities: Allow key staff to perform functions under various threat conditions even if primary facilities are inaccessible.
• Interoperable communications: Maintain critical communications within and between agencies and to customers and public.
• Protection and availability of vital information: Protect and enable critical information systems, applications, and records needed to support inter- and intra-agency functions.

With such a clear strategic roadmap in FPC 65 and consensus about the importance of COOP, what's stopping agencies from full compliance with COOP mandates? A likely culprit is the widespread misconception that COOP is a one-time effort that must be exhaustively planned at the outset and then implemented in one fell swoop. In actual fact, COOP is not a silo or add on, nor a single technology investment. Rather, COOP planning and deployment is iterative. IT can make incremental investments to continually refine and optimize the COOP response based on changing organizational, mission, and political requirements. For example, an agency might begin by adding resilience to its network infrastructure; next add redundant data centers for application resilience; and later extend the effort to include workforce resilience by setting up employees to work from home in the event of site disasters or weather conditions.

Most government agencies already recognize at some level that COOP is not a silo purchase. In the Larstan Business Reports survey, the statement that COOP is integral to technology purchases and upgrade planning was agreed to by 78% of civilian, 87% of military non-combatant, and 87% of intelligence/military organizations.

Demystifying Resilience
Federal agencies can establish secure, resilient collaboration with their partner agencies by implementing straightforward technology and best practices. Resilience applies to four levels: the network, applications, communications, and workforce. The four levels together address federal government resilience requirements stipulated in FPC 65 (Figure 1).

"There are four areas around which the solutions are built: network, applications, communications, and workforce. We offer multiple solutions in each of those areas, and all of them are covered with an integrated security solution." - Bruce Klein, VP, Cisco Systems, Federal Sales Organization

Each layer of resilience depends on the layers beneath. That is, it is impossible to acquire workforce resilience without a foundation of resilient communications, and it is impossible to provide resilient communications without basing it on a resilient network infrastructure and applications.

Network Resilience: The Granddaddy of Resilience
Network resilience must come first, and without it no other types of resilience are possible. It provides the ability to quickly identify, prevent and adapt to threats to the infrastructure itself and to quickly recover from potentially costly disruptions. Key technologies for network resilience include:

• Redundant access technologies. With a combination of landline, cable, wireless, and satellite connectivity, governments can continue to access network resources and collaborate with partner agencies even should one network become inoperable.*
• Rapid recovery from disruptions. Network technologies enable rapid recovery from disruptions to devices, links, protocols, and applications. For example, Cisco routers and Cisco Catalyst switches automatically identify and overcome device and link failures with techniques that include hot standby, intelligent redundancy and backup paths across the network, and load balancing across parallel links, which avoids congestion and optimizes available bandwidth.
• Integrated security. Security breaches can slow or take down the network and compromise data, disrupting government operations. For COOP, government agencies need comprehensive, integrated security at all levels of the network to protect against threats such as worms, viruses, hacker attacks, and distributed denial of service (DDoS) attacks. Compared to device-level protection, network-level protection improves resiliency and saves time for government IT staffs because it's less labor-intensive. If any device goes out, the network continues to automatically enforces security access controls based on the network user's credentials, profile, and privileges. As a result, response teams can spend their time on recovery instead of attending to manual security access controls.

Application Resilience:
Anytime Access to Data Application resilience ensures that staff members retain continuous access to data and applications and that data is securely replicated and stored. Techniques include:

• High-speed connections to contingency data centers in other locations.
• Application and content caching at the data center and branches, and redundant links. For example, Cisco Application and Content Networking System (ACNS) creates "mini data centers" at each branch. If the link to an application server at the same or another agency goes down, staff can continue to access applications and content from the local caching server.

  "With Cisco ACNS, users who attempt to connect to an
  application in a Washington D.C. data center that was
  disrupted by disaster can access the same application and data
  from a system in Denver, without even realizing the difference."
  - Bruce Klein, VP, Cisco Systems, Federal Sales Organization

• Storage area networks (SANs) for virtual storage that can recover and replicate data seamlessly.
• Application security, through anti-virus, intrusion prevention systems, and user authentication using the IEEE 802.1x standard and Cisco Access Control Server. Where anti-virus software protects against known threats, Cisco Security Agent protects applications against unknown threats by detecting anomalous behavior for a given application and blocking the behavior until approved by an administrator.
• Web-based application portals that front-end redundant application servers in different regions. If one application server fails, employees can continue to access the application or data on another server, using the same Web portal interface.

  "In the past, when legacy systems were being built, there was not as much attention paid to contingency planning. Because of 9/11 and other factors, continuity is considered in application design and there is a convergence of technologies to provide continuous operations." - Shailendra Sharma, Chief Information Officer, Comtech

Communications Resilience: Always Able to Call
Communications resilience refers to maintaining communications and collaboration despite disruptions to internal and external agencies such as loss of a network link or even an entire building. For example, consider a federal agency with redundant call processing centers in two different cities. Say one of the processing centers loses its connectivity to the public switched telephone network (PSTN). Cisco contact center technology can automatically detect the outage and reroute the call over the WAN to the backup center. If this location, too, becomes unavailable, the router can forward calls directly to the destination over the PSTN. What's more, if employees cannot use their offices because of damage, traffic, or weather conditions, they can use their Cisco IP phones to make and receive calls from another location, such as their homes. In fact, agencies that use Cisco CallManager can redirect calls almost anywhere, including moving vehicles equipped with mobile routers.

Network technologies for communications resilience include:

• Unified messaging, which means staff can forward and retrieve voice messages from their email as sound files, or retrieve email along with voice messages by way of text-tospeech technology.
• IP telephony, which enables employees to move their IP phones to another location without assistance from IT and to log onto any IP phone as if it were their own.
• Survivable Remote Site Telephony, a feature of Cisco routers that detects WAN link outages between remote offices and the location housing Cisco CallManager and automatically redirects IP telephony calls over the PSTN. When the outage is addressed, SRST automatically restores control to the Cisco CallManager server.
• Redundant call centers.
• Quality of Service, used to assign priority to different types of traffic, such as calls originating from particular people or departments.
• Remote management.
• Cisco MeetingPlace Crisis Management (see sidebar and Figure 2).

  "From a crisis management standpoint, agencies need to be able to connect to response teams - whether those teams are part of different federal agencies or even within state and local governments." - Bruce Klein, VP, Cisco Systems, Federal Sales Organization

Cisco Crisis Management Solution for Communications Resilience
Under emergency conditions, government organizations need to rapidly connect leaders, managers, and decision-makers in far-flung national global offices. This presents a technological challenge when the various offices use different communications systems and applications - an unacceptable complication in crisis situations.

To enable resilient inter-agency collaboration during crises, governments can use the Cisco MeetingPlace Crisis Management application. It immediately connects response teams to a voice and data collaboration conference where they can plan and implement recovery actions. The application, based on the Cisco MeetingPlace conferencing product, automatically initiates a "dial blast" to contact a pre-defined set of individuals simultaneously. It attempts up to three phone numbers for each individual and leaves a recorded message if the individual doesn't answer. To ensure the security of conference sessions, the Crisis Management application limits access to invitees only and requires a password. An open, scalable, standards-based architecture provides quadruple redundancy.

Workforce Resilience: Productive from any Location
Secure, resilient collaboration requires that staff have the ability to relocate to another facility or work from home, without assistance from IT, and to immediately become productive. If a building becomes unusable, for example, governments can continue to collaborate* by setting up a wireless LAN in another facility adjacent to any building with broadband access - typically in less than an hour. All that's required are two Cisco Aironet wireless access points, one for the facility that still has connectivity and one for the temporary facility. Employees in the temporary facility can access the network from their wirelessenabled
laptops, and also place and receive voice calls over the
wireless network using either Cisco wireless IP phones or Cisco
IP Communicator laptop software. Cisco Integrated Security
solutions ensure that sensitive traffic traveling over the wireless
network remains protected.

When establishing priorities for their technology investments, government organizations should be aware that workforce resilience initiatives satisfy two mandates: COOP as well as the Congressional Federal Telework Mandate of 2001, which requires governments to remove telework barriers and increase participation.

Technologies for achieving workforce resilience include the following:

• Mobile worker and telework solutions such as virtual private networks (VPNs), wireless LANs, and softphones, including the Cisco IP Communicator wireless softphone.
• Desk sharing, or "hot desking." Using the Extension Mobility feature that's built into Cisco CallManager, employees can log into any Cisco IP phone as their own, provided the phone is served by the same CallManager server. The IP phone can be on a different floor, a different building on the same campus, or, if the agency uses centralized call processing for multiple locations, an entirely different location.
• Cisco Integrated Security end-to-end solutions ensure that PCs and laptops used from remote locations cannot infect network resources, and that sensitive traffic is encrypted for protection.
• Alternative high-availability headquarters with a robust WAN to support displaced workers.
• Policy-based access. Cisco Identity-Based Networking Services (IBNS) identifies users and devices using strong authentication technologies, and allows or restricts access to content and applications according to the agency's policies.
• Cisco VirtualCOOP Teleworker solution.
  

  Currently, most government employees who work from home or another location use VPN client software to establish a temporary VPN connection. While this approach partially addresses the need for workforce resilience, it does not deliver the quality of service needed for voice over IP or video conferencing, nor the manageability required for secure collaboration in crisis situations.

  The Cisco VirtualCOOP Teleworker solution overcomes these limitations by creating an "always-on" VPN tunnel that appears to IP telephony applications as if it were an ordinary enterprise LAN or WAN connection. By connecting an IP phone to a PC, government workers can receive calls and check voicemail as if they were connected to the central LAN.

  The solution also allows centralized management of federal employees' home connections. The administrator can apply security policies, push configuration information, and periodically test the teleworker connection remotely to ensure it delivers the necessary quality of service for voice and video traffic. To preserve bandwidth for high-priority government collaboration, the administrator can assign priority to timesensitive traffic such as voice and video and authenticate users and devices.

Summary
The Larstan Business Reports survey confirms that federal government agencies increasingly collaborate with partner agencies and understand the need for secure, resilient collaboration. Action lags behind understanding, however, and many agencies have not yet begun viewing COOP as an integral part of their collaboration efforts with other agencies. To ensure that their collaboration efforts are secure and resilient, agencies can begin with their network infrastructures and then add resilience solutions for their applications, communications, and workforce. Investments can be made incrementally, using technology proven in other public sector and private sector organizations. Only when all agencies are capable of secure, resilient collaboration will the federal government fully meet its COOP objectives.

To view the complete results of the Larstan Continuity of Operations Survey, go to www.larstan.net/COOP. For a full range of Larstan reports and surveys, go to www.larstan.net.